Some mechanical changes (mostly whitespace, like indentation levels)
authorKen Raeburn <raeburn@mit.edu>
Wed, 30 Aug 2006 00:10:54 +0000 (00:10 +0000)
committerKen Raeburn <raeburn@mit.edu>
Wed, 30 Aug 2006 00:10:54 +0000 (00:10 +0000)
to match up better with MIT coding style.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18552 dc483132-0cff-0310-8789-dd5450dbe970

src/plugins/kdb/ldap/ldap_util/kdb5_ldap_list.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_policy.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.h
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.h
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c

index 733b7ab814a16222de270d1933b3c48fff5fcd18..835b2350bbe6ceed25d616e8bcbb7234147eaa0a 100644 (file)
@@ -5,28 +5,28 @@
 /* Copyright (c) 2004-2005, Novell, Inc.
  * All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without 
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *   * Redistributions of source code must retain the above copyright notice,
  *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright 
- *       notice, this list of conditions and the following disclaimer in the 
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
  *       documentation and/or other materials provided with the distribution.
  *   * The copyright holder's name is not used to endorse or promote products
  *       derived from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE. 
+ * POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
@@ -44,10 +44,10 @@ int list_count_str_array(char **list)
     int i = 0;
 
     if (list == NULL)
-        return 0;
+       return 0;
 
     for (i = 0; *list != NULL; list++) {
-        i++;
+       i++;
     }
 
     return i;
@@ -62,10 +62,10 @@ int list_count_int_array(int *list)
     int i = 0;
 
     if (list == NULL)
-        return 0;
+       return 0;
 
     for (i = 0; *list != END_OF_LIST; list++) {
-        i++;
+       i++;
     }
 
     return i;
@@ -79,10 +79,10 @@ void krb5_free_list_entries(list)
     char **list;
 {
     if (list == NULL)
-        return;
-    for(; *list != NULL; list++) {
-        free(*list);
-        *list = NULL;
+       return;
+    for (; *list != NULL; list++) {
+       free(*list);
+       *list = NULL;
     }
 
     return;
@@ -90,10 +90,10 @@ void krb5_free_list_entries(list)
 
 
 /*
- * Tokenize the given string based on the delimiter provided 
+ * Tokenize the given string based on the delimiter provided
  * and return the result as a list
  */
-krb5_error_code 
+krb5_error_code
 krb5_parse_list(buffer, delimiter, list)
     char *buffer;
     char *delimiter;
@@ -107,32 +107,32 @@ krb5_parse_list(buffer, delimiter, list)
     int count = 0;
 
     if ((buffer == NULL) || (list == NULL) || (delimiter == NULL)) {
-        return EINVAL;
+       return EINVAL;
     }
 
     str = strdup(buffer);
     if (str == NULL)
-        return ENOMEM;
+       return ENOMEM;
 
     token = strtok_r(str, delimiter, &ptrptr);
-    for (count = 1; ((token != NULL) && (count < MAX_LIST_ENTRIES)); 
-                            plist++, count++) {
-        *plist = strdup(token);
-        if (*plist == NULL) {
-            retval = ENOMEM;
-            goto cleanup;
-        }
-        token = strtok_r(NULL, delimiter, &ptrptr);
+    for (count = 1; ((token != NULL) && (count < MAX_LIST_ENTRIES));
+        plist++, count++) {
+       *plist = strdup(token);
+       if (*plist == NULL) {
+           retval = ENOMEM;
+           goto cleanup;
+       }
+       token = strtok_r(NULL, delimiter, &ptrptr);
     }
     *plist = NULL;
 
 cleanup:
-    if(str) {
-        free(str);
-        str = NULL;
+    if (str) {
+       free(str);
+       str = NULL;
     }
     if (retval)
-        krb5_free_list_entries(list);
+       krb5_free_list_entries(list);
 
     return retval;
 }
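Review bot: Tokens beyond the list capacity are dropped without any error in the re-indented loop: it stops once `count` reaches `MAX_LIST_ENTRIES`, and the function then terminates the list and returns whatever `retval` held, so a caller cannot tell a complete list from a truncated one. If truncation should be reported, a check placed after `*plist = NULL;` such as `if (token != NULL) retval = EINVAL;` would do it and let the existing cleanup path free the partial list. The initialisation of `plist` and `retval` is above the hunk, so this assumes `retval` starts at 0 and that `list` has room for `MAX_LIST_ENTRIES` pointers.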
@@ -151,7 +151,7 @@ int compare_int(m1, m2)
 
 /*
  * Modifies the destination list to contain or not to contain the
- * entries present in the source list, depending on the mode 
+ * entries present in the source list, depending on the mode
  * (ADD or DELETE).
  */
 void list_modify_str_array(destlist, sourcelist, mode)
@@ -165,53 +165,52 @@ void list_modify_str_array(destlist, sourcelist, mode)
     int found = 0;
 
     if ((destlist == NULL) || (*destlist == NULL) || (sourcelist == NULL))
-        return;
+       return;
 
-    /* We need to add every entry present in the source list to 
+    /* We need to add every entry present in the source list to
      * the destination list */
     if (mode == LIST_MODE_ADD) {
-        /* Traverse throught the end of destlist for appending */
-        for(dlist = *destlist, dcount = 0; *dlist != NULL;
-             dlist++, dcount++) {
-            ;   /* NULL statement */
-        }
-        /* Count the number of entries in the source list */
-        for(slist = sourcelist, scount = 0; *slist != NULL;
-             slist++, scount++) {
-            ;   /* NULL statement */
-        }
-        /* Reset the slist pointer to the start of source list */
-        slist = sourcelist;
-
-        /* Now append the source list to the existing destlist */
-        if ((dcount + scount) < MAX_LIST_ENTRIES) 
-            copycount = scount;
-        else
-            /* Leave the last entry for list terminator(=NULL) */
-            copycount = (MAX_LIST_ENTRIES -1) - dcount;
-
-        memcpy(dlist, slist, (sizeof(char *) * copycount));
-        dlist += copycount;
-        *dlist = NULL;
-    }
-    else if (mode == LIST_MODE_DELETE) {
-        /* We need to delete every entry present in the source list 
-         * from the destination list */
-        for(slist = sourcelist; *slist != NULL; slist++) {
-            for(dlist = *destlist; *dlist != NULL; dlist++) {
+       /* Traverse throught the end of destlist for appending */
+       for (dlist = *destlist, dcount = 0; *dlist != NULL;
+            dlist++, dcount++) {
+           ;   /* NULL statement */
+       }
+       /* Count the number of entries in the source list */
+       for (slist = sourcelist, scount = 0; *slist != NULL;
+            slist++, scount++) {
+           ;   /* NULL statement */
+       }
+       /* Reset the slist pointer to the start of source list */
+       slist = sourcelist;
+
+       /* Now append the source list to the existing destlist */
+       if ((dcount + scount) < MAX_LIST_ENTRIES)
+           copycount = scount;
+       else
+           /* Leave the last entry for list terminator(=NULL) */
+           copycount = (MAX_LIST_ENTRIES -1) - dcount;
+
+       memcpy(dlist, slist, (sizeof(char *) * copycount));
+       dlist += copycount;
+       *dlist = NULL;
+    } else if (mode == LIST_MODE_DELETE) {
+       /* We need to delete every entry present in the source list
+        * from the destination list */
+       for (slist = sourcelist; *slist != NULL; slist++) {
+           for (dlist = *destlist; *dlist != NULL; dlist++) {
                found = 0; /* value not found */
-                /* DN is case insensitive string */
-                if (strcasecmp(*dlist, *slist) == 0) {
+               /* DN is case insensitive string */
+               if (strcasecmp(*dlist, *slist) == 0) {
                    found = 1;
-                    free(*dlist);
-                    /* Advance the rest of the entries by one */
-                    for(tmplist = dlist; *tmplist != NULL; tmplist++) {
-                        *tmplist = *(tmplist+1);
-                    }
-                    break;
-                }
-            }
-        }
+                   free(*dlist);
+                   /* Advance the rest of the entries by one */
+                   for (tmplist = dlist; *tmplist != NULL; tmplist++) {
+                       *tmplist = *(tmplist+1);
+                   }
+                   break;
+               }
+           }
+       }
     }
 
     return;
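Review bot: The ADD branch passes a signed `copycount` to `memcpy`, and nothing in the hunk keeps it non-negative: if `*destlist` already holds more than `MAX_LIST_ENTRIES - 1` entries, `(MAX_LIST_ENTRIES -1) - dcount` is negative and the size converts to a very large unsigned value. Clamping before the copy, e.g. `if (copycount < 0) copycount = 0;`, keeps the append bounded even when the destination was not sized as assumed; the same computation appears in the `list_modify_int_array` hunk further down. The append also copies only the pointers, so the strings become shared with `sourcelist` while the DELETE branch calls `free(*dlist)`; a comment stating the ownership rule, such as `/* appended entries are shared with sourcelist, not duplicated */`, would make the expected caller behaviour explicit. The function's declarations and closing brace are outside the hunk.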
@@ -220,7 +219,7 @@ void list_modify_str_array(destlist, sourcelist, mode)
 
 /*
  * Modifies the destination list to contain or not to contain the
- * entries present in the source list, depending on the mode 
+ * entries present in the source list, depending on the mode
  * (ADD or DELETE). where the list is array of integers.
  */
 int list_modify_int_array(destlist, sourcelist, mode)
@@ -234,54 +233,53 @@ int list_modify_int_array(destlist, sourcelist, mode)
     int tcount = 0;
 
     if ((destlist == NULL) || (sourcelist == NULL))
-        return 0;
+       return 0;
 
-    /* We need to add every entry present in the source list to the 
+    /* We need to add every entry present in the source list to the
      * destination list */
     if (mode == LIST_MODE_ADD) {
-        /* Traverse throught the end of destlist for appending */
-        for(dlist = destlist, dcount = 0; *dlist != END_OF_LIST;
-             dlist++, dcount++)
-            ;   /* NULL statement */
-
-        /* Count the number of entries in the source list */
-        for(slist = sourcelist, scount = 0; *slist != END_OF_LIST;
-             slist++, scount++)
-            ;   /* NULL statement */
-
-        /* Reset the slist pointer to the start of source list */
-        slist = sourcelist;
-
-        /* Now append the source list to the existing destlist */
-        if ((dcount + scount) < MAX_LIST_ENTRIES) 
-            copycount = scount;
-        else
-            /* Leave the last entry for list terminator(=NULL) */
-            copycount = (MAX_LIST_ENTRIES -1) - dcount;
-
-        memcpy(dlist, slist, (sizeof(int) * copycount));
-        dlist += copycount;
-        *dlist = END_OF_LIST;
-        tcount = dcount + copycount;
-    }
-    else if (mode == LIST_MODE_DELETE) {
-        /* We need to delete every entry present in the source list from
-         * the destination list */
-        for(slist = sourcelist; *slist != END_OF_LIST; slist++) {
-            for(dlist = destlist; *dlist != END_OF_LIST; dlist++) {
-                if (*dlist == *slist) {
-                    /* Advance the rest of the entries by one */
-                    for(tmplist = dlist; *tmplist != END_OF_LIST; tmplist++) {
-                        *tmplist = *(tmplist+1);
-                    }
-                    break;
-                }
-            }
-        }
-        /* count the number of entries */
-        for(dlist = destlist, tcount = 0; *dlist != END_OF_LIST; dlist++) {
-            tcount++;
-        }
+       /* Traverse throught the end of destlist for appending */
+       for (dlist = destlist, dcount = 0; *dlist != END_OF_LIST;
+            dlist++, dcount++)
+           ;   /* NULL statement */
+
+       /* Count the number of entries in the source list */
+       for (slist = sourcelist, scount = 0; *slist != END_OF_LIST;
+            slist++, scount++)
+           ;   /* NULL statement */
+
+       /* Reset the slist pointer to the start of source list */
+       slist = sourcelist;
+
+       /* Now append the source list to the existing destlist */
+       if ((dcount + scount) < MAX_LIST_ENTRIES)
+           copycount = scount;
+       else
+           /* Leave the last entry for list terminator(=NULL) */
+           copycount = (MAX_LIST_ENTRIES -1) - dcount;
+
+       memcpy(dlist, slist, (sizeof(int) * copycount));
+       dlist += copycount;
+       *dlist = END_OF_LIST;
+       tcount = dcount + copycount;
+    } else if (mode == LIST_MODE_DELETE) {
+       /* We need to delete every entry present in the source list from
+        * the destination list */
+       for (slist = sourcelist; *slist != END_OF_LIST; slist++) {
+           for (dlist = destlist; *dlist != END_OF_LIST; dlist++) {
+               if (*dlist == *slist) {
+                   /* Advance the rest of the entries by one */
+                   for (tmplist = dlist; *tmplist != END_OF_LIST; tmplist++) {
+                       *tmplist = *(tmplist+1);
+                   }
+                   break;
+               }
+           }
+       }
+       /* count the number of entries */
+       for (dlist = destlist, tcount = 0; *dlist != END_OF_LIST; dlist++) {
+           tcount++;
+       }
     }
 
     return tcount;
index 71d4863aa442dcf19629e2f4d9b7fdfcfe5865d4..7bcac41a61105ab35953c50d86eb93eb213b272a 100644 (file)
@@ -5,28 +5,28 @@
 /* Copyright (c) 2004-2005, Novell, Inc.
  * All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without 
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *   * Redistributions of source code must retain the above copyright notice,
  *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright 
- *       notice, this list of conditions and the following disclaimer in the 
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
  *       documentation and/or other materials provided with the distribution.
  *   * The copyright holder's name is not used to endorse or promote products
  *       derived from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE. 
+ * POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
@@ -49,13 +49,13 @@ extern char *yes;
 
 
 /*
- * This function will create a ticket policy object with the 
+ * This function will create a ticket policy object with the
  * specified attributes.
  */
 void
 kdb5_ldap_create_policy(argc, argv)
-   int argc;
-   char *argv[];
+    int argc;
+    char *argv[];
 {
     char *me = argv[0];
     krb5_error_code retval = 0;
@@ -75,8 +75,8 @@ kdb5_ldap_create_policy(argc, argv)
     /* Allocate memory for policy parameters structure */
     policyparams = (krb5_ldap_policy_params*) calloc(1, sizeof(krb5_ldap_policy_params));
     if (policyparams == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
+       retval = ENOMEM;
+       goto cleanup;
     }
 
     /* Get current time */
@@ -84,179 +84,165 @@ kdb5_ldap_create_policy(argc, argv)
 
     /* Parse all arguments */
     for (i = 1; i < argc; i++) {
-        if (!strcmp(argv[i], "-maxtktlife")) {
-            if (++i > argc - 1)
-                goto err_usage;
-
-            date = get_date(argv[i], NULL);
-            if (date == (time_t)(-1)) {
-                retval = EINVAL;
-                com_err (me, retval, "while providing time specification");
-                goto err_nomsg;
-            }
-
-            policyparams->maxtktlife = date - now;
-
-            mask |= LDAP_POLICY_MAXTKTLIFE;
-        }
-        else if (!strcmp(argv[i], "-maxrenewlife")) {
-            if (++i > argc - 1)
-                goto err_usage;
-
-            date = get_date(argv[i], NULL);
-            if (date == (time_t)(-1)) {
-                retval = EINVAL;
-                com_err (me, retval, "while providing time specification");
-                goto err_nomsg;
-            }
-
-            policyparams->maxrenewlife = date - now;
-
-            mask |= LDAP_POLICY_MAXRENEWLIFE;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_postdated")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
-            else
-                goto err_usage;
-
-            mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
-            else
-                goto err_usage;
-
-            mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_renewable")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
-            else
-                goto err_usage;
-
-            mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
-            else
-                goto err_usage;
-
-            mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
-            else
-                goto err_usage;
-
-            mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "requires_preauth")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
-            else
-                goto err_usage;
-
-            mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
-            else
-                goto err_usage;
-
-            mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_svr")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
-            else
-                goto err_usage;
-
-            mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
-            else
-                goto err_usage;
-
-            mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_tix")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
-            else
-                goto err_usage;
-
-            mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "needchange")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
-            else
-                goto err_usage;
-
-            mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "password_changing_service")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
-            else
-                goto err_usage;
-
-            mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else { /* Any other argument must be policy DN */
-            /* First check if policy DN is already provided --
-               if so, there's a usage error */
-            if (policyparams->policydn != NULL)
-                goto err_usage;
-
-            /* If not present already, fill up policy DN */
-            policyparams->policydn = strdup(argv[i]);
-            if (policyparams->policydn == NULL) {
-                retval = ENOMEM;
-                com_err(me, retval, "while creating policy object");
-                goto err_nomsg;
-            }
-        }
+       if (!strcmp(argv[i], "-maxtktlife")) {
+           if (++i > argc - 1)
+               goto err_usage;
+
+           date = get_date(argv[i], NULL);
+           if (date == (time_t)(-1)) {
+               retval = EINVAL;
+               com_err (me, retval, "while providing time specification");
+               goto err_nomsg;
+           }
+
+           policyparams->maxtktlife = date - now;
+
+           mask |= LDAP_POLICY_MAXTKTLIFE;
+       } else if (!strcmp(argv[i], "-maxrenewlife")) {
+           if (++i > argc - 1)
+               goto err_usage;
+
+           date = get_date(argv[i], NULL);
+           if (date == (time_t)(-1)) {
+               retval = EINVAL;
+               com_err (me, retval, "while providing time specification");
+               goto err_nomsg;
+           }
+
+           policyparams->maxrenewlife = date - now;
+
+           mask |= LDAP_POLICY_MAXRENEWLIFE;
+       } else if (!strcmp((argv[i] + 1), "allow_postdated")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+           else
+               goto err_usage;
+
+           mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+           else
+               goto err_usage;
+
+           mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_renewable")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+           else
+               goto err_usage;
+
+           mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+           else
+               goto err_usage;
+
+           mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+           else
+               goto err_usage;
+
+           mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "requires_preauth")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+           else
+               goto err_usage;
+
+           mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+           else
+               goto err_usage;
+
+           mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_svr")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+           else
+               goto err_usage;
+
+           mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+           else
+               goto err_usage;
+
+           mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_tix")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+           else
+               goto err_usage;
+
+           mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "needchange")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+           else
+               goto err_usage;
+
+           mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "password_changing_service")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+           else
+               goto err_usage;
+
+           mask |= LDAP_POLICY_TKTFLAGS;
+       } else { /* Any other argument must be policy DN */
+           /* First check if policy DN is already provided --
+              if so, there's a usage error */
+           if (policyparams->policydn != NULL)
+               goto err_usage;
+
+           /* If not present already, fill up policy DN */
+           policyparams->policydn = strdup(argv[i]);
+           if (policyparams->policydn == NULL) {
+               retval = ENOMEM;
+               com_err(me, retval, "while creating policy object");
+               goto err_nomsg;
+           }
+       }
     }
 
     /* policy DN is a mandatory argument. If not provided, print usage */
     if (policyparams->policydn == NULL)
-        goto err_usage;
+       goto err_usage;
 
     /* Create object with all attributes provided */
     if ((retval = krb5_ldap_create_policy(util_context, policyparams, mask)) != 0)
-        goto cleanup;
+       goto cleanup;
 
     goto cleanup;
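Review bot: Every ticket-flag branch compares `argv[i] + 1` before looking at `argv[i][0]`, so an empty argument makes `strcmp` start reading one byte past that string's terminator. Rejecting it at the top of the loop body, `if (argv[i][0] == '\0') goto err_usage;`, removes the out-of-bounds read. Separately, `policyparams->maxtktlife = date - now;` and the matching `maxrenewlife` line store a negative lifetime when the parsed date lies in the past; a check such as `if (date < now) goto err_usage;` may be wanted, depending on how the policy code treats negative values. The declarations and the `err_usage`/`cleanup` labels are outside this hunk.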
 
@@ -271,13 +257,13 @@ cleanup:
     krb5_ldap_free_policy (util_context, policyparams);
 
     if (print_usage)
-        db_usage(CREATE_POLICY);
+       db_usage(CREATE_POLICY);
 
     if (retval) {
-        if (!no_msg)
-            com_err(me, retval, "while creating policy object");
+       if (!no_msg)
+           com_err(me, retval, "while creating policy object");
 
-        exit_status++;
+       exit_status++;
     }
 
     return;
@@ -285,7 +271,7 @@ cleanup:
 
 
 /*
- * This function will destroy the specified ticket policy 
+ * This function will destroy the specified ticket policy
  * object interactively, unless forced through an option.
  */
 void
@@ -311,31 +297,30 @@ kdb5_ldap_destroy_policy(argc, argv)
     for (i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-force") == 0) {
            force++;
+       } else { /* Any other argument must be policy DN */
+           /* First check if policy DN is already provided --
+              if so, there's a usage error */
+           if (policydn != NULL)
+               goto err_usage;
+
+           /* If not present already, fill up policy DN */
+           policydn = strdup(argv[i]);
+           if (policydn == NULL) {
+               retval = ENOMEM;
+               com_err(me, retval, "while destroying policy object");
+               goto err_nomsg;
+           }
        }
-       else { /* Any other argument must be policy DN */
-            /* First check if policy DN is already provided --
-               if so, there's a usage error */
-            if (policydn != NULL)
-                goto err_usage;
-
-            /* If not present already, fill up policy DN */
-            policydn = strdup(argv[i]);
-            if (policydn == NULL) {
-                retval = ENOMEM;
-                com_err(me, retval, "while destroying policy object");
-                goto err_nomsg;
-            }
-        }
     }
 
     if (policydn == NULL)
-        goto err_usage;
+       goto err_usage;
 
     if (!force) {
-        printf("This will delete the policy object '%s', are you sure?\n", policydn);
-        printf("(type 'yes' to confirm)? ");
+       printf("This will delete the policy object '%s', are you sure?\n", policydn);
+       printf("(type 'yes' to confirm)? ");
 
-        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+       if (fgets(buf, sizeof(buf), stdin) == NULL) {
            retval = EINVAL;
            goto cleanup;
        }
@@ -348,21 +333,21 @@ kdb5_ldap_destroy_policy(argc, argv)
 
     if ((retval = krb5_ldap_read_policy(util_context, policydn, &policyparams, &mask)))
        goto cleanup;
-    
-   
+
+
     if ((retval = krb5_ldap_delete_policy(util_context, policydn, policyparams,&mask)))
        goto cleanup;
 
     printf("** policy object '%s' deleted.\n", policydn);
     goto cleanup;
-    
-    
+
+
 err_usage:
     print_usage = TRUE;
 
 err_nomsg:
     no_msg = TRUE;
-    
+
 cleanup:
     /* Clean-up structure */
     krb5_ldap_free_policy (util_context, policyparams);
@@ -370,16 +355,16 @@ cleanup:
     if (policydn) {
        free (policydn);
     }
-   
+
     if (print_usage) {
        db_usage(DESTROY_POLICY);
     }
 
     if (retval) {
-        if (!no_msg)
-            com_err(me, retval, "while destroying policy object");
+       if (!no_msg)
+           com_err(me, retval, "while destroying policy object");
 
-        exit_status++;
+       exit_status++;
     }
 
     return;
@@ -392,8 +377,8 @@ cleanup:
  */
 void
 kdb5_ldap_modify_policy(argc, argv)
-   int argc;
-   char *argv[];
+    int argc;
+    char *argv[];
 {
     char *me = argv[0];
     krb5_error_code retval = 0;
@@ -415,51 +400,49 @@ kdb5_ldap_modify_policy(argc, argv)
 
     /* Parse all arguments, only to pick up policy DN (Pass 1) */
     for (i = 1; i < argc; i++) {
-        /* Skip arguments next to 'maxtktlife'
-           and 'maxrenewlife' arguments */
-        if (!strcmp(argv[i], "-maxtktlife")) {
-            ++i;
-        }
-        else if (!strcmp(argv[i], "-maxrenewlife")) {
-            ++i;
-        }
-        /* Do nothing for ticket flag arguments */
-        else if (!strcmp((argv[i] + 1), "allow_postdated") ||
-                 !strcmp((argv[i] + 1), "allow_forwardable") ||
-                 !strcmp((argv[i] + 1), "allow_renewable") ||
-                 !strcmp((argv[i] + 1), "allow_proxiable") ||
-                 !strcmp((argv[i] + 1), "allow_dup_skey") ||
-                 !strcmp((argv[i] + 1), "requires_preauth") ||
-                 !strcmp((argv[i] + 1), "requires_hwauth") ||
-                 !strcmp((argv[i] + 1), "allow_svr") ||
-                 !strcmp((argv[i] + 1), "allow_tgs_req") ||
-                 !strcmp((argv[i] + 1), "allow_tix") ||
-                 !strcmp((argv[i] + 1), "needchange") ||
-                 !strcmp((argv[i] + 1), "password_changing_service")) {
-        }
-        else { /* Any other argument must be policy DN */
-            /* First check if policy DN is already provided --
-               if so, there's a usage error */
-            if (policydn != NULL)
-                goto err_usage;
-
-            /* If not present already, fill up policy DN */
-            policydn = strdup(argv[i]);
-            if (policydn == NULL) {
-                retval = ENOMEM;
-                com_err(me, retval, "while modifying policy object");
-                goto err_nomsg;
-            }
+       /* Skip arguments next to 'maxtktlife'
+          and 'maxrenewlife' arguments */
+       if (!strcmp(argv[i], "-maxtktlife")) {
+           ++i;
+       } else if (!strcmp(argv[i], "-maxrenewlife")) {
+           ++i;
+       }
+       /* Do nothing for ticket flag arguments */
+       else if (!strcmp((argv[i] + 1), "allow_postdated") ||
+                !strcmp((argv[i] + 1), "allow_forwardable") ||
+                !strcmp((argv[i] + 1), "allow_renewable") ||
+                !strcmp((argv[i] + 1), "allow_proxiable") ||
+                !strcmp((argv[i] + 1), "allow_dup_skey") ||
+                !strcmp((argv[i] + 1), "requires_preauth") ||
+                !strcmp((argv[i] + 1), "requires_hwauth") ||
+                !strcmp((argv[i] + 1), "allow_svr") ||
+                !strcmp((argv[i] + 1), "allow_tgs_req") ||
+                !strcmp((argv[i] + 1), "allow_tix") ||
+                !strcmp((argv[i] + 1), "needchange") ||
+                !strcmp((argv[i] + 1), "password_changing_service")) {
+       } else { /* Any other argument must be policy DN */
+           /* First check if policy DN is already provided --
+              if so, there's a usage error */
+           if (policydn != NULL)
+               goto err_usage;
+
+           /* If not present already, fill up policy DN */
+           policydn = strdup(argv[i]);
+           if (policydn == NULL) {
+               retval = ENOMEM;
+               com_err(me, retval, "while modifying policy object");
+               goto err_nomsg;
+           }
        }
     }
 
     if (policydn == NULL)
-        goto err_usage;
+       goto err_usage;
 
     retval = krb5_ldap_read_policy(util_context, policydn, &policyparams, &in_mask);
     if (retval) {
-        com_err(me, retval, "while reading information of policy '%s'", policydn);
-        goto err_nomsg;
+       com_err(me, retval, "while reading information of policy '%s'", policydn);
+       goto err_nomsg;
     }
 
     /* Get current time */
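Review bot: The ticket-flag comparisons in this pass-1 loop call `strcmp((argv[i] + 1), ...)` without first checking that `argv[i]` is non-empty. For an empty-string argument, `argv[i] + 1` points one byte past the terminator, so strcmp reads outside that string. The pass-2 loop in the next hunk repeats the pattern. A guard at the top of each loop body, for example `if (argv[i][0] == '\0') goto err_usage;`, would close it; this also rejects an empty policy DN, which pass 1 currently accepts, so confirm that is the intended behaviour. kdb5_ldap_modify_policy starts before this hunk and continues after it.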
@@ -467,165 +450,151 @@ kdb5_ldap_modify_policy(argc, argv)
 
     /* Parse all arguments, but skip policy DN (Pass 2) */
     for (i = 1; i < argc; i++) {
-        if (!strcmp(argv[i], "-maxtktlife")) {
-            if (++i > argc - 1)
-                goto err_usage;
-
-            date = get_date(argv[i], NULL);
-            if (date == (time_t)(-1)) {
-                retval = EINVAL;
-                com_err (me, retval, "while providing time specification");
-                goto err_nomsg;
-            }
-
-            policyparams->maxtktlife = date - now;
-
-            out_mask |= LDAP_POLICY_MAXTKTLIFE;
-        }
-        else if (!strcmp(argv[i], "-maxrenewlife")) {
-            if (++i > argc - 1)
-                goto err_usage;
-
-            date = get_date(argv[i], NULL);
-            if (date == (time_t)(-1)) {
-                retval = EINVAL;
-                com_err (me, retval, "while providing time specification");
-                goto err_nomsg;
-            }
-
-            policyparams->maxrenewlife = date - now;
-
-            out_mask |= LDAP_POLICY_MAXRENEWLIFE;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_postdated")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
-            else
-                goto err_usage;
-
-            out_mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
-            else
-                goto err_usage;
-
-            out_mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_renewable")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
-            else
-                goto err_usage;
-
-            out_mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
-            else
-                goto err_usage;
-
-            out_mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
-            else
-                goto err_usage;
-
-            out_mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "requires_preauth")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
-            else
-                goto err_usage;
-
-            out_mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
-            else
-                goto err_usage;
-
-            out_mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_svr")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
-            else
-                goto err_usage;
-
-            out_mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
-            else
-                goto err_usage;
-
-            out_mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "allow_tix")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
-            else
-                goto err_usage;
-
-            out_mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "needchange")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
-            else
-                goto err_usage;
-
-            out_mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else if (!strcmp((argv[i] + 1), "password_changing_service")) {
-            if (*(argv[i]) == '+')
-                policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
-            else if (*(argv[i]) == '-')
-                policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
-            else
-                goto err_usage;
-
-            out_mask |= LDAP_POLICY_TKTFLAGS;
-        }
-        else {
-             /* Any other argument must be policy DN
-                -- skip it */
-        }
+       if (!strcmp(argv[i], "-maxtktlife")) {
+           if (++i > argc - 1)
+               goto err_usage;
+
+           date = get_date(argv[i], NULL);
+           if (date == (time_t)(-1)) {
+               retval = EINVAL;
+               com_err (me, retval, "while providing time specification");
+               goto err_nomsg;
+           }
+
+           policyparams->maxtktlife = date - now;
+
+           out_mask |= LDAP_POLICY_MAXTKTLIFE;
+       } else if (!strcmp(argv[i], "-maxrenewlife")) {
+           if (++i > argc - 1)
+               goto err_usage;
+
+           date = get_date(argv[i], NULL);
+           if (date == (time_t)(-1)) {
+               retval = EINVAL;
+               com_err (me, retval, "while providing time specification");
+               goto err_nomsg;
+           }
+
+           policyparams->maxrenewlife = date - now;
+
+           out_mask |= LDAP_POLICY_MAXRENEWLIFE;
+       } else if (!strcmp((argv[i] + 1), "allow_postdated")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+           else
+               goto err_usage;
+
+           out_mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_forwardable")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+           else
+               goto err_usage;
+
+           out_mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_renewable")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+           else
+               goto err_usage;
+
+           out_mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_proxiable")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+           else
+               goto err_usage;
+
+           out_mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_dup_skey")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+           else
+               goto err_usage;
+
+           out_mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "requires_preauth")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+           else
+               goto err_usage;
+
+           out_mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "requires_hwauth")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+           else
+               goto err_usage;
+
+           out_mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_svr")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+           else
+               goto err_usage;
+
+           out_mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_tgs_req")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+           else
+               goto err_usage;
+
+           out_mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "allow_tix")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+           else
+               goto err_usage;
+
+           out_mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "needchange")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+           else
+               goto err_usage;
+
+           out_mask |= LDAP_POLICY_TKTFLAGS;
+       } else if (!strcmp((argv[i] + 1), "password_changing_service")) {
+           if (*(argv[i]) == '+')
+               policyparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+           else if (*(argv[i]) == '-')
+               policyparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+           else
+               goto err_usage;
+
+           out_mask |= LDAP_POLICY_TKTFLAGS;
+       } else {
+           /* Any other argument must be policy DN
+              -- skip it */
+       }
     }
 
     /* Modify attributes of object */
     if ((retval = krb5_ldap_modify_policy(util_context, policyparams, out_mask)))
-        goto cleanup;
+       goto cleanup;
 
     goto cleanup;
 
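Review bot: The `-maxtktlife` and `-maxrenewlife` branches store the lifetime as `date - now` after checking only for `(time_t)(-1)`. A time specification that resolves to the past would therefore put a negative value into `policyparams->maxtktlife` or `policyparams->maxrenewlife` and pass it on to `krb5_ldap_modify_policy`. Widening the existing check to `if (date == (time_t)(-1) || date < now) {` reuses the current error path and keeps such a lifetime out of the directory. The field types are not visible here, so whether a large difference could be truncated on assignment should also be checked. kdb5_ldap_modify_policy starts before this hunk and its cleanup label follows it.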
@@ -640,23 +609,23 @@ cleanup:
     krb5_ldap_free_policy (util_context, policyparams);
 
     if (policydn)
-        free (policydn);
+       free (policydn);
 
     if (print_usage)
-        db_usage(MODIFY_POLICY);
+       db_usage(MODIFY_POLICY);
 
     if (retval) {
-        if (!no_msg)
-            com_err(me, retval, "while modifying policy object");
+       if (!no_msg)
+           com_err(me, retval, "while modifying policy object");
 
-        exit_status++;
+       exit_status++;
     }
 
     return;
 }
 
 
-/* 
+/*
  * This function will display information about the given policy object,
  * fetching the information from the LDAP Server.
  */
@@ -673,20 +642,20 @@ kdb5_ldap_view_policy(argc, argv)
     int mask = 0;
 
     if (argc != 2) {
-        goto err_usage;
+       goto err_usage;
     }
 
     policydn = strdup(argv[1]);
     if (policydn == NULL) {
-        com_err(me, ENOMEM, "while viewing policy");
-        exit_status++;
-        goto cleanup;
+       com_err(me, ENOMEM, "while viewing policy");
+       exit_status++;
+       goto cleanup;
     }
 
     if ((retval = krb5_ldap_read_policy(util_context, policydn, &policyparams, &mask))) {
-        com_err(me, retval, "while viewing policy '%s'", policydn );
-        exit_status++;
-        goto cleanup;
+       com_err(me, retval, "while viewing policy '%s'", policydn);
+       exit_status++;
+       goto cleanup;
     }
 
     print_policy_params (policyparams, mask);
@@ -703,15 +672,15 @@ cleanup:
        free (policydn);
 
     if (print_usage) {
-        db_usage(VIEW_POLICY);
+       db_usage(VIEW_POLICY);
     }
 
     return;
 }
 
 
-/* 
- * This function will print the policy object information to the 
+/*
+ * This function will print the policy object information to the
  * standard output.
  */
 static void
@@ -724,59 +693,59 @@ print_policy_params(policyparams, mask)
 
     /* Print max. ticket life and max. renewable life, if present */
     if (mask & LDAP_POLICY_MAXTKTLIFE)
-        printf("%25s: %s\n", "Maximum ticket life", strdur(policyparams->maxtktlife));
+       printf("%25s: %s\n", "Maximum ticket life", strdur(policyparams->maxtktlife));
     if (mask & LDAP_POLICY_MAXRENEWLIFE)
-        printf("%25s: %s\n", "Maximum renewable life", strdur(policyparams->maxrenewlife));
+       printf("%25s: %s\n", "Maximum renewable life", strdur(policyparams->maxrenewlife));
 
     /* Service flags are printed */
     printf("%25s: ", "Ticket flags");
     if (mask & LDAP_POLICY_TKTFLAGS) {
-        int ticketflags = policyparams->tktflags;
-       
-        if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
-            printf("%s ","DISALLOW_POSTDATED");
-       
-        if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
-            printf("%s ","DISALLOW_FORWARDABLE");
-       
-        if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
-            printf("%s ","DISALLOW_RENEWABLE");
-       
-        if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
-            printf("%s ","DISALLOW_PROXIABLE");
-       
-        if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
-            printf("%s ","DISALLOW_DUP_SKEY");
-       
-        if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
-            printf("%s ","REQUIRES_PRE_AUTH");
-       
-        if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
-            printf("%s ","REQUIRES_HW_AUTH");
-       
-        if (ticketflags & KRB5_KDB_DISALLOW_SVR)
-            printf("%s ","DISALLOW_SVR");
-       
-        if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
-            printf("%s ","DISALLOW_TGT_BASED");
-       
-        if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
-            printf("%s ","DISALLOW_ALL_TIX");
-       
-        if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
-            printf("%s ","REQUIRES_PWCHANGE");
-       
-        if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
-            printf("%s ","PWCHANGE_SERVICE");
+       int ticketflags = policyparams->tktflags;
+
+       if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
+           printf("%s ","DISALLOW_POSTDATED");
+
+       if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
+           printf("%s ","DISALLOW_FORWARDABLE");
+
+       if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
+           printf("%s ","DISALLOW_RENEWABLE");
+
+       if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
+           printf("%s ","DISALLOW_PROXIABLE");
+
+       if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
+           printf("%s ","DISALLOW_DUP_SKEY");
+
+       if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
+           printf("%s ","REQUIRES_PRE_AUTH");
+
+       if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
+           printf("%s ","REQUIRES_HW_AUTH");
+
+       if (ticketflags & KRB5_KDB_DISALLOW_SVR)
+           printf("%s ","DISALLOW_SVR");
+
+       if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
+           printf("%s ","DISALLOW_TGT_BASED");
+
+       if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
+           printf("%s ","DISALLOW_ALL_TIX");
+
+       if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
+           printf("%s ","REQUIRES_PWCHANGE");
+
+       if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
+           printf("%s ","PWCHANGE_SERVICE");
     }
     printf("\n");
-    
+
     return;
 }
 
 
-/* 
- * This function will list the DNs of policy objects under a specific 
+/*
+ * This function will list the DNs of policy objects under a specific
  * sub-tree (entire tree by default)
  */
 void kdb5_ldap_list_policies(argc, argv)
@@ -797,22 +766,22 @@ void kdb5_ldap_list_policies(argc, argv)
 
     /* Parse base DN argument if present */
     if (argc == 3) {
-        if (strcmp(argv[1], "-basedn"))
-            goto err_usage;
-
-        basedn = strdup(argv[2]);
-        if (basedn == NULL) {
-            retval = ENOMEM;
-            goto cleanup;
-        }
+       if (strcmp(argv[1], "-basedn"))
+           goto err_usage;
+
+       basedn = strdup(argv[2]);
+       if (basedn == NULL) {
+           retval = ENOMEM;
+           goto cleanup;
+       }
     }
 
     retval = krb5_ldap_list_policy(util_context, basedn, &list);
     if ((retval != 0) || (list == NULL))
-        goto cleanup;
+       goto cleanup;
 
     for (plist = list; *plist != NULL; plist++) {
-        printf("%s\n", *plist);
+       printf("%s\n", *plist);
     }
 
     goto cleanup;
@@ -822,20 +791,20 @@ err_usage:
 
 cleanup:
     if (list != NULL) {
-        krb5_free_list_entries (list);
-        free (list);
+       krb5_free_list_entries (list);
+       free (list);
     }
 
     if (basedn)
        free (basedn);
 
     if (print_usage) {
-        db_usage(LIST_POLICY);
+       db_usage(LIST_POLICY);
     }
 
     if (retval) {
-        com_err(me, retval, "while listing policy objects");
-        exit_status++;
+       com_err(me, retval, "while listing policy objects");
+       exit_status++;
     }
 
     return;
@@ -867,4 +836,3 @@ static char *strdur(duration)
            hours, minutes, seconds);
     return out;
 }
-
index 55b0690ecae1d70ca80f39767a9e9cb9d6d2d733..b0c1f6ed56b81efa6b5287702773f22c4c35a74f 100644 (file)
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -44,7 +44,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 /* Copyright (c) 2004-2005, Novell, Inc.
  * All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without 
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *   * Redistributions of source code must retain the above copyright notice,
  *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright 
- *       notice, this list of conditions and the following disclaimer in the 
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
  *       documentation and/or other materials provided with the distribution.
  *   * The copyright holder's name is not used to endorse or promote products
  *       derived from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE. 
+ * POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
@@ -102,19 +102,19 @@ struct realm_info rblock = {
 };
 
 krb5_data tgt_princ_entries[] = {
-       {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
-       {0, 0, 0} };
+    {0, KRB5_TGS_NAME_SIZE, KRB5_TGS_NAME},
+    {0, 0, 0} };
 
 krb5_data db_creator_entries[] = {
-       {0, sizeof("db_creation")-1, "db_creation"} };
+    {0, sizeof("db_creation")-1, "db_creation"} };
 
 
 static krb5_principal_data db_create_princ = {
-        0,                                     /* magic number */
-       {0, 0, 0},                              /* krb5_data realm */
-       db_creator_entries,                     /* krb5_data *data */
-       1,                                      /* int length */
-       KRB5_NT_SRV_INST                        /* int type */
+    0,                                 /* magic number */
+    {0, 0, 0},                         /* krb5_data realm */
+    db_creator_entries,                        /* krb5_data *data */
+    1,                                 /* int length */
+    KRB5_NT_SRV_INST                   /* int type */
 };
 
 extern char *mkey_password;
@@ -123,7 +123,7 @@ extern kadm5_config_params global_params;
 
 static void print_realm_params(krb5_ldap_realm_params *rparams, int mask);
 static int kdb_ldap_create_principal (krb5_context context, krb5_principal
-               princ, enum ap_op op, struct realm_info *pblock);
+                                     princ, enum ap_op op, struct realm_info *pblock);
 
 
 static char *strdur(time_t duration);
@@ -131,185 +131,174 @@ static int get_ticket_policy(krb5_ldap_realm_params *rparams, int *i, char *argv
 
 
 static int get_ticket_policy(rparams,i,argv,argc)
-       krb5_ldap_realm_params *rparams;
-       int *i;
-       char *argv[];
-       int argc;
+    krb5_ldap_realm_params *rparams;
+    int *i;
+    char *argv[];
+    int argc;
 {
-       time_t date;
-       time_t now;
-       time(&now);
-       int mask = 0;
-       krb5_error_code retval = 0;
-       krb5_boolean no_msg = FALSE;
-
-       krb5_boolean print_usage = FALSE;
-       char *me = argv[0];
-       if (!strcmp(argv[*i], "-maxtktlife")) {
-               if (++(*i) > argc-1)
-                       goto err_usage;
-               date = get_date(argv[*i], NULL);
-               if (date == (time_t)(-1)) {
-                       retval = EINVAL;
-                       com_err (me, retval, "while providing time specification");
-                       goto err_nomsg;
-               }
-               rparams->max_life = date-now;
-               mask |= LDAP_REALM_MAXTICKETLIFE;
-       }
-
-
-       else if (!strcmp(argv[*i], "-maxrenewlife")) {
-               if (++(*i) > argc-1)
-                       goto err_usage;
-
-               date = get_date(argv[*i], NULL);
-               if (date == (time_t)(-1)) {
-                       retval = EINVAL;
-                       com_err (me, retval, "while providing time specification");
-                       goto err_nomsg;
-               }
-               rparams->max_renewable_life = date-now;
-               mask |= LDAP_REALM_MAXRENEWLIFE;
-       }
-       else if (!strcmp((argv[*i] + 1), "allow_postdated")) {
-               if (*(argv[*i]) == '+')
-                       rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
-               else if (*(argv[*i]) == '-')
-                       rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
-               else
-                       goto err_usage;
-
-               mask |= LDAP_REALM_KRBTICKETFLAGS;
-       }
-       else if (!strcmp((argv[*i] + 1), "allow_forwardable")) {
-               if (*(argv[*i]) == '+')
-                       rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
-
-               else if (*(argv[*i]) == '-')
-                       rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
-               else
-                       goto err_usage;
-
-               mask |= LDAP_REALM_KRBTICKETFLAGS;
-       }
-       else if (!strcmp((argv[*i] + 1), "allow_renewable")) {
-               if (*(argv[*i]) == '+')
-                       rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
-               else if (*(argv[*i]) == '-')
-                       rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
-               else
-                       goto err_usage;
-
-               mask |= LDAP_REALM_KRBTICKETFLAGS;
-       }
-       else if (!strcmp((argv[*i] + 1), "allow_proxiable")) {
-               if (*(argv[*i]) == '+')
-                       rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
-               else if (*(argv[*i]) == '-')
-                       rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
-               else
-                       goto err_usage;
-
-               mask |= LDAP_REALM_KRBTICKETFLAGS;
-       }
-       else if (!strcmp((argv[*i] + 1), "allow_dup_skey")) {
-               if (*(argv[*i]) == '+')
-                       rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
-               else if (*(argv[*i]) == '-')
-                       rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
-               else
-                       goto err_usage;
-
-               mask |= LDAP_REALM_KRBTICKETFLAGS;
-       }
-
-       else if (!strcmp((argv[*i] + 1), "requires_preauth")) {
-               if (*(argv[*i]) == '+')
-                       rparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
-               else if (*(argv[*i]) == '-')
-                       rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
-               else
-                       goto err_usage;
-
-               mask |= LDAP_REALM_KRBTICKETFLAGS;
-       }
-       else if (!strcmp((argv[*i] + 1), "requires_hwauth")) {
-               if (*(argv[*i]) == '+')
-                       rparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
-               else if (*(argv[*i]) == '-')
-                       rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
-               else
-                       goto err_usage;
-
-               mask |= LDAP_REALM_KRBTICKETFLAGS;
-       }
-       else if (!strcmp((argv[*i] + 1), "allow_svr")) {
-               if (*(argv[*i]) == '+')
-                       rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
-               else if (*(argv[*i]) == '-')
-                       rparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
-               else
-                       goto err_usage;
+    time_t date;
+    time_t now;
+    time(&now);
+    int mask = 0;
+    krb5_error_code retval = 0;
+    krb5_boolean no_msg = FALSE;
 
-               mask |= LDAP_REALM_KRBTICKETFLAGS;
+    krb5_boolean print_usage = FALSE;
+    char *me = argv[0];
+    if (!strcmp(argv[*i], "-maxtktlife")) {
+       if (++(*i) > argc-1)
+           goto err_usage;
+       date = get_date(argv[*i], NULL);
+       if (date == (time_t)(-1)) {
+           retval = EINVAL;
+           com_err (me, retval, "while providing time specification");
+           goto err_nomsg;
        }
-       else if (!strcmp((argv[*i] + 1), "allow_tgs_req")) {
-               if (*(argv[*i]) == '+')
-                       rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
-               else if (*(argv[*i]) == '-')
-                       rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
-               else
-                       goto err_usage;
+       rparams->max_life = date-now;
+       mask |= LDAP_REALM_MAXTICKETLIFE;
+    }
 
-               mask |= LDAP_REALM_KRBTICKETFLAGS;
-       }
-       else if (!strcmp((argv[*i] + 1), "allow_tix")) {
-               if (*(argv[*i]) == '+')
-                       rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
-               else if (*(argv[*i]) == '-')
-                       rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
-               else
-                       goto err_usage;
 
-               mask |= LDAP_REALM_KRBTICKETFLAGS;
-       }
-       else if (!strcmp((argv[*i] + 1), "needchange")) {
-               if (*(argv[*i]) == '+')
-                       rparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
-               else if (*(argv[*i]) == '-')
-                       rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
-               else
-                       goto err_usage;
+    else if (!strcmp(argv[*i], "-maxrenewlife")) {
+       if (++(*i) > argc-1)
+           goto err_usage;
 
-               mask |= LDAP_REALM_KRBTICKETFLAGS;
+       date = get_date(argv[*i], NULL);
+       if (date == (time_t)(-1)) {
+           retval = EINVAL;
+           com_err (me, retval, "while providing time specification");
+           goto err_nomsg;
        }
-       else if (!strcmp((argv[*i] + 1), "password_changing_service")) {
-               if (*(argv[*i]) == '+')
-                       rparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
-               else if (*(argv[*i]) == '-')
-                       rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
-               else
-                       goto err_usage;
+       rparams->max_renewable_life = date-now;
+       mask |= LDAP_REALM_MAXRENEWLIFE;
+    } else if (!strcmp((argv[*i] + 1), "allow_postdated")) {
+       if (*(argv[*i]) == '+')
+           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_POSTDATED);
+       else if (*(argv[*i]) == '-')
+           rparams->tktflags |= KRB5_KDB_DISALLOW_POSTDATED;
+       else
+           goto err_usage;
+
+       mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_forwardable")) {
+       if (*(argv[*i]) == '+')
+           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_FORWARDABLE);
+
+       else if (*(argv[*i]) == '-')
+           rparams->tktflags |= KRB5_KDB_DISALLOW_FORWARDABLE;
+       else
+           goto err_usage;
+
+       mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_renewable")) {
+       if (*(argv[*i]) == '+')
+           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_RENEWABLE);
+       else if (*(argv[*i]) == '-')
+           rparams->tktflags |= KRB5_KDB_DISALLOW_RENEWABLE;
+       else
+           goto err_usage;
+
+       mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_proxiable")) {
+       if (*(argv[*i]) == '+')
+           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_PROXIABLE);
+       else if (*(argv[*i]) == '-')
+           rparams->tktflags |= KRB5_KDB_DISALLOW_PROXIABLE;
+       else
+           goto err_usage;
+
+       mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_dup_skey")) {
+       if (*(argv[*i]) == '+')
+           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_DUP_SKEY);
+       else if (*(argv[*i]) == '-')
+           rparams->tktflags |= KRB5_KDB_DISALLOW_DUP_SKEY;
+       else
+           goto err_usage;
+
+       mask |= LDAP_REALM_KRBTICKETFLAGS;
+    }
 
-               mask |=LDAP_REALM_KRBTICKETFLAGS;
-       }
+    else if (!strcmp((argv[*i] + 1), "requires_preauth")) {
+       if (*(argv[*i]) == '+')
+           rparams->tktflags |= KRB5_KDB_REQUIRES_PRE_AUTH;
+       else if (*(argv[*i]) == '-')
+           rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PRE_AUTH);
+       else
+           goto err_usage;
+
+       mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "requires_hwauth")) {
+       if (*(argv[*i]) == '+')
+           rparams->tktflags |= KRB5_KDB_REQUIRES_HW_AUTH;
+       else if (*(argv[*i]) == '-')
+           rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_HW_AUTH);
+       else
+           goto err_usage;
+
+       mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_svr")) {
+       if (*(argv[*i]) == '+')
+           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_SVR);
+       else if (*(argv[*i]) == '-')
+           rparams->tktflags |= KRB5_KDB_DISALLOW_SVR;
+       else
+           goto err_usage;
+
+       mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_tgs_req")) {
+       if (*(argv[*i]) == '+')
+           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_TGT_BASED);
+       else if (*(argv[*i]) == '-')
+           rparams->tktflags |= KRB5_KDB_DISALLOW_TGT_BASED;
+       else
+           goto err_usage;
+
+       mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "allow_tix")) {
+       if (*(argv[*i]) == '+')
+           rparams->tktflags &= (int)(~KRB5_KDB_DISALLOW_ALL_TIX);
+       else if (*(argv[*i]) == '-')
+           rparams->tktflags |= KRB5_KDB_DISALLOW_ALL_TIX;
+       else
+           goto err_usage;
+
+       mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "needchange")) {
+       if (*(argv[*i]) == '+')
+           rparams->tktflags |= KRB5_KDB_REQUIRES_PWCHANGE;
+       else if (*(argv[*i]) == '-')
+           rparams->tktflags &= (int)(~KRB5_KDB_REQUIRES_PWCHANGE);
+       else
+           goto err_usage;
+
+       mask |= LDAP_REALM_KRBTICKETFLAGS;
+    } else if (!strcmp((argv[*i] + 1), "password_changing_service")) {
+       if (*(argv[*i]) == '+')
+           rparams->tktflags |= KRB5_KDB_PWCHANGE_SERVICE;
+       else if (*(argv[*i]) == '-')
+           rparams->tktflags &= (int)(~KRB5_KDB_PWCHANGE_SERVICE);
+       else
+           goto err_usage;
+
+       mask |=LDAP_REALM_KRBTICKETFLAGS;
+    }
 err_usage:
-       print_usage = TRUE;
+    print_usage = TRUE;
 
 err_nomsg:
-       no_msg = TRUE;
+    no_msg = TRUE;
 
-       return mask;
+    return mask;
 }
 
 /*
- * This function will create a realm on the LDAP Server, with 
+ * This function will create a realm on the LDAP Server, with
  * the specified attributes.
  */
 void kdb5_ldap_create(argc, argv)
-   int argc;
-   char *argv[];
+    int argc;
+    char *argv[];
 {
     krb5_error_code retval = 0;
     krb5_keyblock master_keyblock;
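Review bot: In get_ticket_policy every path, including the `err_usage` and `err_nomsg` exits, ends at `return mask;`, so a missing or unparsable `-maxtktlife`/`-maxrenewlife` value returns 0 exactly as an unrecognised option does, and `retval`, `print_usage` and `no_msg` are written but never read. The caller therefore cannot tell a rejected ticket-policy value from an unknown flag, and `*i` has already been advanced past the option name. A separate status result would fix this, for example an out-parameter for the mask with the `krb5_error_code` as the return value. The lifetime is also stored as `date-now` with no range check, so a date in the past would yield a negative `max_life`/`max_renewable_life`; a guard such as `if (date <= now) { retval = EINVAL; goto err_nomsg; }` before the assignment would reject it. The hunk's trailing lines begin kdb5_ldap_create, whose body continues outside it.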
@@ -334,114 +323,107 @@ void kdb5_ldap_create(argc, argv)
     memset(&master_keyblock, 0, sizeof(master_keyblock));
 
     rparams = (krb5_ldap_realm_params *)malloc(
-                sizeof(krb5_ldap_realm_params));
+       sizeof(krb5_ldap_realm_params));
     if (rparams == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
+       retval = ENOMEM;
+       goto cleanup;
     }
     memset(rparams, 0, sizeof(krb5_ldap_realm_params));
 
     /* Parse the arguments */
     for (i = 1; i < argc; i++) {
-        if (!strcmp(argv[i], "-subtree")) {
-            if (++i > argc-1)
-                goto err_usage;
-            rparams->subtree = strdup(argv[i]);
-            if (rparams->subtree == NULL) {
-                retval = ENOMEM;
-                goto cleanup;
-            }
-            mask |= LDAP_REALM_SUBTREE;
-        }
-        else if (!strcmp(argv[i], "-sscope")) {
-            if (++i > argc-1)
-                goto err_usage;
-            /* Possible values for search scope are
-             * one (or 1) and sub (or 2)
-             */
-            if (!strcasecmp(argv[i], "one")) {
-                rparams->search_scope = 1;
-            }
-            else if (!strcasecmp(argv[i], "sub")) {
-                rparams->search_scope = 2;
-            }
-            else {
-                rparams->search_scope = atoi(argv[i]);
-                if ((rparams->search_scope != 1) && 
-                    (rparams->search_scope != 2)) {
-                    com_err(argv[0], EINVAL,
-                        "invalid search scope while creating realm '%s'",
-                        global_params.realm);
-                    goto err_nomsg;
-                }
-            }
-            mask |= LDAP_REALM_SEARCHSCOPE;
-        }
+       if (!strcmp(argv[i], "-subtree")) {
+           if (++i > argc-1)
+               goto err_usage;
+           rparams->subtree = strdup(argv[i]);
+           if (rparams->subtree == NULL) {
+               retval = ENOMEM;
+               goto cleanup;
+           }
+           mask |= LDAP_REALM_SUBTREE;
+       } else if (!strcmp(argv[i], "-sscope")) {
+           if (++i > argc-1)
+               goto err_usage;
+           /* Possible values for search scope are
+            * one (or 1) and sub (or 2)
+            */
+           if (!strcasecmp(argv[i], "one")) {
+               rparams->search_scope = 1;
+           } else if (!strcasecmp(argv[i], "sub")) {
+               rparams->search_scope = 2;
+           } else {
+               rparams->search_scope = atoi(argv[i]);
+               if ((rparams->search_scope != 1) &&
+                   (rparams->search_scope != 2)) {
+                   com_err(argv[0], EINVAL,
+                           "invalid search scope while creating realm '%s'",
+                           global_params.realm);
+                   goto err_nomsg;
+               }
+           }
+           mask |= LDAP_REALM_SEARCHSCOPE;
+       }
 #ifdef HAVE_EDIRECTORY
-        else if (!strcmp(argv[i], "-kdcdn")) {
-            if (++i > argc-1)
-                goto err_usage;
-            rparams->kdcservers = (char **)malloc(
-                            sizeof(char *) * MAX_LIST_ENTRIES);
-            if (rparams->kdcservers == NULL) {
-                retval = ENOMEM;
-                goto cleanup;
-            }
-            memset(rparams->kdcservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
-            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, 
-                            rparams->kdcservers))) {
-                goto cleanup;
-            }
-            mask |= LDAP_REALM_KDCSERVERS;
-        }
-        else if (!strcmp(argv[i], "-admindn")) {
-            if (++i > argc-1)
-                goto err_usage;
-            rparams->adminservers = (char **)malloc(
-                            sizeof(char *) * MAX_LIST_ENTRIES);
-            if (rparams->adminservers == NULL) {
-                retval = ENOMEM;
-                goto cleanup;
-            }
-            memset(rparams->adminservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
-            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, 
-                            rparams->adminservers))) {
-                goto cleanup;
-            }
-            mask |= LDAP_REALM_ADMINSERVERS;
-        }
-        else if (!strcmp(argv[i], "-pwddn")) {
-            if (++i > argc-1)
-                goto err_usage;
-            rparams->passwdservers = (char **)malloc(
-                            sizeof(char *) * MAX_LIST_ENTRIES);
-            if (rparams->passwdservers == NULL) {
-                retval = ENOMEM;
-                goto cleanup;
-            }
-            memset(rparams->passwdservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
-            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, 
-                            rparams->passwdservers))) {
-                goto cleanup;
-            }
-            mask |= LDAP_REALM_PASSWDSERVERS;
-        }
+       else if (!strcmp(argv[i], "-kdcdn")) {
+           if (++i > argc-1)
+               goto err_usage;
+           rparams->kdcservers = (char **)malloc(
+               sizeof(char *) * MAX_LIST_ENTRIES);
+           if (rparams->kdcservers == NULL) {
+               retval = ENOMEM;
+               goto cleanup;
+           }
+           memset(rparams->kdcservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
+           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                         rparams->kdcservers))) {
+               goto cleanup;
+           }
+           mask |= LDAP_REALM_KDCSERVERS;
+       } else if (!strcmp(argv[i], "-admindn")) {
+           if (++i > argc-1)
+               goto err_usage;
+           rparams->adminservers = (char **)malloc(
+               sizeof(char *) * MAX_LIST_ENTRIES);
+           if (rparams->adminservers == NULL) {
+               retval = ENOMEM;
+               goto cleanup;
+           }
+           memset(rparams->adminservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
+           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                         rparams->adminservers))) {
+               goto cleanup;
+           }
+           mask |= LDAP_REALM_ADMINSERVERS;
+       } else if (!strcmp(argv[i], "-pwddn")) {
+           if (++i > argc-1)
+               goto err_usage;
+           rparams->passwdservers = (char **)malloc(
+               sizeof(char *) * MAX_LIST_ENTRIES);
+           if (rparams->passwdservers == NULL) {
+               retval = ENOMEM;
+               goto cleanup;
+           }
+           memset(rparams->passwdservers, 0, sizeof(char*)*MAX_LIST_ENTRIES);
+           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                         rparams->passwdservers))) {
+               goto cleanup;
+           }
+           mask |= LDAP_REALM_PASSWDSERVERS;
+       }
 #endif
-        else if (!strcmp(argv[i], "-s")) {
-            do_stash = 1;
-        }
-         else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0)
-        {
-                mask|=ret_mask;
-        }
-
-        else {
-            printf("'%s' is an invalid option\n", argv[i]);
-            goto err_usage;
-        }
+       else if (!strcmp(argv[i], "-s")) {
+           do_stash = 1;
+       } else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
+           mask|=ret_mask;
+       }
+
+       else {
+           printf("'%s' is an invalid option\n", argv[i]);
+           goto err_usage;
+       }
     }
 
-    /* If the default enctype/salttype is not provided, use the 
+    /* If the default enctype/salttype is not provided, use the
      * default values and also add to the list of supported
      * enctypes/salttype
      */
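Review bot: The final `else` of the argument loop prints `argv[i]` with `%s` after get_ticket_policy may already have advanced `i`. When `-maxtktlife` or `-maxrenewlife` is the last argument, its `++(*i) > argc-1` check leaves `i == argc` and returns 0, so `printf` receives `argv[argc]`, a null pointer. For a rejected time specification the same branch reports the value, not the option, as invalid. Saving the index before the call (`int opt_idx = i;` at the top of the loop body) and printing `argv[opt_idx]` avoids both. Separately, `atoi(argv[i])` for `-sscope` ignores trailing non-digits, so `strtol` with an end-pointer check would be stricter; kdb5_ldap_create starts and ends outside this hunk.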
@@ -471,7 +453,7 @@ void kdb5_ldap_create(argc, argv)
                                    pw_str, &pw_size);
        if (retval) {
            com_err(argv[0], retval, "while reading master key from keyboard");
-            goto err_nomsg;
+           goto err_nomsg;
        }
        mkey_password = pw_str;
     }
@@ -481,124 +463,122 @@ void kdb5_ldap_create(argc, argv)
     rparams->mkey.length = strlen(mkey_password) + 1;
     rparams->mkey.contents = (krb5_octet *)strdup(mkey_password);
     if (rparams->mkey.contents == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
+       retval = ENOMEM;
+       goto cleanup;
     }
 
     rparams->realm_name = strdup(global_params.realm);
     if (rparams->realm_name == NULL) {
-        retval = ENOMEM;
-        com_err(argv[0], ENOMEM, "while creating realm '%s'",
-                   global_params.realm);
-        goto err_nomsg;
+       retval = ENOMEM;
+       com_err(argv[0], ENOMEM, "while creating realm '%s'",
+               global_params.realm);
+       goto err_nomsg;
     }
 
     dal_handle = (kdb5_dal_handle *) util_context->db_context;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!ldap_context) {
-        retval = EINVAL;
-        goto cleanup;
+       retval = EINVAL;
+       goto cleanup;
     }
 
     /* read the kerberos container */
-    if ((retval=krb5_ldap_read_krbcontainer_params (util_context, 
-                &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
-        /* Prompt the user for entering the DN of Kerberos container */
-        char krb_location[MAX_KRB_CONTAINER_LEN];
-        krb5_ldap_krbcontainer_params kparams;
-        int krb_location_len = 0;
-        memset(&kparams, 0, sizeof(kparams));
+    if ((retval=krb5_ldap_read_krbcontainer_params (util_context,
+                                                   &(ldap_context->krbcontainer))) == KRB5_KDB_NOENTRY) {
+       /* Prompt the user for entering the DN of Kerberos container */
+       char krb_location[MAX_KRB_CONTAINER_LEN];
+       krb5_ldap_krbcontainer_params kparams;
+       int krb_location_len = 0;
+       memset(&kparams, 0, sizeof(kparams));
 
        /* Read the kerberos container location from configuration file */
-        if (ldap_context->conf_section) {
-            if ((retval=profile_get_string(util_context->profile, 
-                                KDB_MODULE_SECTION, ldap_context->conf_section,
-                                "ldap_kerberos_container_dn", NULL, 
-                                &kparams.DN)) != 0) {
-                goto cleanup;
-            }
-        }
-        if (kparams.DN == NULL) {
-            if ((retval=profile_get_string(util_context->profile,
-                                KDB_MODULE_DEF_SECTION, 
-                                "ldap_kerberos_container_dn", NULL, 
-                                NULL, &kparams.DN)) != 0) {
-               goto cleanup;
-            }
-        }
-
-        printf("\nKerberos container is missing. Creating now...\n");
-        if (kparams.DN == NULL) {
+       if (ldap_context->conf_section) {
+           if ((retval=profile_get_string(util_context->profile,
+                                          KDB_MODULE_SECTION, ldap_context->conf_section,
+                                          "ldap_kerberos_container_dn", NULL,
+                                          &kparams.DN)) != 0) {
+               goto cleanup;
+           }
+       }
+       if (kparams.DN == NULL) {
+           if ((retval=profile_get_string(util_context->profile,
+                                          KDB_MODULE_DEF_SECTION,
+                                          "ldap_kerberos_container_dn", NULL,
+                                          NULL, &kparams.DN)) != 0) {
+               goto cleanup;
+           }
+       }
+
+       printf("\nKerberos container is missing. Creating now...\n");
+       if (kparams.DN == NULL) {
 #ifdef HAVE_EDIRECTORY
-            printf("Enter DN of Kerberos container [cn=Kerberos,cn=Security]: ");
+           printf("Enter DN of Kerberos container [cn=Kerberos,cn=Security]: ");
 #else
-            printf("Enter DN of Kerberos container: ");
+           printf("Enter DN of Kerberos container: ");
 #endif
-            if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
-                /* Remove the newline character at the end */
-                krb_location_len = strlen(krb_location);
-                if ((krb_location[krb_location_len - 1] == '\n') ||
-                    (krb_location[krb_location_len - 1] == '\r')) {
-                    krb_location[krb_location_len - 1] = '\0';
-                    krb_location_len--;
-                }
-                /* If the user has not given any input, take the default location */
-                else if (krb_location[0] == '\0')
-                    kparams.DN = NULL;
-                else
-                    kparams.DN = krb_location;
-            }
-            else
-                kparams.DN = NULL;
+           if (fgets(krb_location, MAX_KRB_CONTAINER_LEN, stdin) != NULL) {
+               /* Remove the newline character at the end */
+               krb_location_len = strlen(krb_location);
+               if ((krb_location[krb_location_len - 1] == '\n') ||
+                   (krb_location[krb_location_len - 1] == '\r')) {
+                   krb_location[krb_location_len - 1] = '\0';
+                   krb_location_len--;
+               }
+               /* If the user has not given any input, take the default location */
+               else if (krb_location[0] == '\0')
+                   kparams.DN = NULL;
+               else
+                   kparams.DN = krb_location;
+           } else
+               kparams.DN = NULL;
        }
 
-        /* create the kerberos container */
-        retval = krb5_ldap_create_krbcontainer(util_context,
-                ((kparams.DN != NULL) ? &kparams : NULL));
-        if (retval)
-            goto cleanup;
-
-        retval = krb5_ldap_read_krbcontainer_params(util_context,
-                        &(ldap_context->krbcontainer));
-        if (retval) {
-            com_err(argv[0], retval, "while reading kerberos container information");
-            goto cleanup;
-        }
-    }
-    else if (retval) {
-        com_err(argv[0], retval, "while reading kerberos container information");
-        goto cleanup;
+       /* create the kerberos container */
+       retval = krb5_ldap_create_krbcontainer(util_context,
+                                              ((kparams.DN != NULL) ? &kparams : NULL));
+       if (retval)
+           goto cleanup;
+
+       retval = krb5_ldap_read_krbcontainer_params(util_context,
+                                                   &(ldap_context->krbcontainer));
+       if (retval) {
+           com_err(argv[0], retval, "while reading kerberos container information");
+           goto cleanup;
+       }
+    } else if (retval) {
+       com_err(argv[0], retval, "while reading kerberos container information");
+       goto cleanup;
     }
 
     if ((retval = krb5_ldap_create_realm(util_context,
-        /* global_params.realm, */ rparams, mask))) {
-        goto cleanup;
+                                        /* global_params.realm, */ rparams, mask))) {
+       goto cleanup;
     }
 
     /* We just created the Realm container. Here starts our transaction tracking */
     realm_obj_created = TRUE;
 
-    if ((retval = krb5_ldap_read_realm_params(util_context, 
-                                             global_params.realm, 
-                                             &(ldap_context->lrparams), 
+    if ((retval = krb5_ldap_read_realm_params(util_context,
+                                             global_params.realm,
+                                             &(ldap_context->lrparams),
                                              &mask))) {
-        com_err(argv[0], retval, "while reading information of realm '%s'",
+       com_err(argv[0], retval, "while reading information of realm '%s'",
                global_params.realm);
-        goto err_nomsg;
+       goto err_nomsg;
     }
     ldap_context->lrparams->realm_name = strdup(global_params.realm);
     if (ldap_context->lrparams->realm_name == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
+       retval = ENOMEM;
+       goto cleanup;
     }
 
     /* assemble & parse the master key name */
     if ((retval = krb5_db_setup_mkey_name(util_context,
-                                          global_params.mkey_name,
-                                          global_params.realm,
-                                          0, &master_princ))) {
-        com_err(argv[0], retval, "while setting up master key name");
-        goto err_nomsg;
+                                         global_params.mkey_name,
+                                         global_params.realm,
+                                         0, &master_princ))) {
+       com_err(argv[0], retval, "while setting up master key name");
+       goto err_nomsg;
     }
 
     /* Obtain master key from master password */
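Review bot: The `fgets` branch for the Kerberos container DN discards normal input: when the line ends in `\n` or `\r` the first `if` strips it and the `else if`/`else` arms that assign `kparams.DN` are skipped, so `kparams.DN` stays NULL and `krb5_ldap_create_krbcontainer` is called with NULL. Only a line with no terminator (cut off at `MAX_KRB_CONTAINER_LEN` or ended by EOF) is taken as the DN, and the index `krb_location_len - 1` is -1 if the buffer comes back empty. Stripping first and deciding afterwards restores the intended behaviour: guard the strip with `krb_location_len > 0`, then set `kparams.DN = (krb_location[0] != '\0') ? krb_location : NULL;`. Rejecting an unterminated, over-long line instead of accepting its prefix as the container DN would be a reasonable extra check. The enclosing kdb5_ldap_create begins and ends outside this hunk.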
@@ -613,8 +593,8 @@ void kdb5_ldap_create(argc, argv)
            goto err_nomsg;
        }
 
-       retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype, 
-               &pwd, &master_salt, &master_keyblock);
+       retval = krb5_c_string_to_key(util_context, rparams->mkey.enctype,
+                                     &pwd, &master_salt, &master_keyblock);
 
        if (master_salt.data)
            free(master_salt.data);
@@ -631,15 +611,15 @@ void kdb5_ldap_create(argc, argv)
     ldap_context->lrparams->mkey.contents = (krb5_octet *) malloc
        (master_keyblock.length);
     if (ldap_context->lrparams->mkey.contents == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
+       retval = ENOMEM;
+       goto cleanup;
     }
     memcpy (ldap_context->lrparams->mkey.contents, master_keyblock.contents,
-                               master_keyblock.length);
+           master_keyblock.length);
 
     /* Create special principals inside the realm subtree */
     {
-        char princ_name[MAX_PRINC_SIZE];
+       char princ_name[MAX_PRINC_SIZE];
        struct hostent *hp = NULL;
        krb5_principal_data tgt_princ = {
            0,                                  /* magic number */
@@ -691,7 +671,7 @@ void kdb5_ldap_create(argc, argv)
        krb5_free_principal(util_context, p);
 
        /* Create 'kadmin/changepw' ... */
-       snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_CHANGEPW_SERVICE, global_params.realm); 
+       snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_CHANGEPW_SERVICE, global_params.realm);
        if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
            com_err(argv[0], retval, "while adding entries to the database");
            goto err_nomsg;
@@ -706,7 +686,7 @@ void kdb5_ldap_create(argc, argv)
        krb5_free_principal(util_context, p);
 
        /* Create 'kadmin/history' ... */
-       snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_HIST_PRINCIPAL, global_params.realm);   
+       snprintf(princ_name, sizeof(princ_name), "%s@%s", KADM5_HIST_PRINCIPAL, global_params.realm);
        if ((retval = krb5_parse_name(util_context, princ_name, &p))) {
            com_err(argv[0], retval, "while adding entries to the database");
            goto err_nomsg;
@@ -721,22 +701,22 @@ void kdb5_ldap_create(argc, argv)
 
        /* Create 'kadmin/<hostname>' ... */
        if ((retval=krb5_sname_to_principal(util_context, NULL, "kadmin", KRB5_NT_SRV_HST, &p))) {
-            com_err(argv[0], retval, "krb5_sname_to_principal, while adding entries to the database");
-            goto err_nomsg;
+           com_err(argv[0], retval, "krb5_sname_to_principal, while adding entries to the database");
+           goto err_nomsg;
        }
 
-       if((retval=krb5_copy_principal(util_context, p, &temp_p))) {
-            com_err(argv[0], retval, "krb5_copy_principal, while adding entries to the database");
-            goto err_nomsg;
+       if ((retval=krb5_copy_principal(util_context, p, &temp_p))) {
+           com_err(argv[0], retval, "krb5_copy_principal, while adding entries to the database");
+           goto err_nomsg;
        }
-       
+
        /* change the realm portion to the default realm */
-       free( temp_p->realm.data );
-       temp_p->realm.length = strlen( util_context->default_realm );
-       temp_p->realm.data = strdup( util_context->default_realm );
-       if( temp_p->realm.data == NULL ) {
-            com_err(argv[0], ENOMEM, "while adding entries to the database");
-            goto err_nomsg;
+       free(temp_p->realm.data);
+       temp_p->realm.length = strlen(util_context->default_realm);
+       temp_p->realm.data = strdup(util_context->default_realm);
+       if (temp_p->realm.data == NULL) {
+           com_err(argv[0], ENOMEM, "while adding entries to the database");
+           goto err_nomsg;
        }
 
        rblock.flags = KRB5_KDB_DISALLOW_TGT_BASED;
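Review bot: The out-of-memory branch after `strdup(util_context->default_realm)` reports ENOMEM through com_err but never stores it in `retval`, which is still 0 from the successful krb5_copy_principal call just above. If the cleanup code keys the exit status on `retval`, as the `if (retval)` block in a later hunk suggests, the tool would report success after abandoning realm creation part-way. Setting it first fixes that: `retval = ENOMEM;` followed by `com_err(argv[0], retval, "while adding entries to the database");`. kdb5_ldap_create starts and ends outside this hunk, so the err_nomsg path itself is not visible here.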
@@ -755,55 +735,55 @@ void kdb5_ldap_create(argc, argv)
     }
 
 #ifdef HAVE_EDIRECTORY
-    if(mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
-       (mask & LDAP_REALM_PASSWDSERVERS) ) {
-       
+    if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
+       (mask & LDAP_REALM_PASSWDSERVERS)) {
+
        printf("Changing rights for the service object. Please wait ... ");
        fflush(stdout);
 
        rightsmask =0;
        rightsmask |= LDAP_REALM_RIGHTS;
        rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if ( (rparams != NULL) && (rparams->kdcservers != NULL) ) {
-           for ( i=0; (rparams->kdcservers[i] != NULL); i++) {
-               if((retval=krb5_ldap_add_service_rights( util_context,
-                        LDAP_KDC_SERVICE, rparams->kdcservers[i], 
-                        rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+       if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
+           for (i=0; (rparams->kdcservers[i] != NULL); i++) {
+               if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                        LDAP_KDC_SERVICE, rparams->kdcservers[i],
+                                                        rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
                    printf("failed\n");
                    com_err(argv[0], retval, "while assigning rights to '%s'",
-                        rparams->realm_name);
+                           rparams->realm_name);
                    goto err_nomsg;
                }
            }
        }
-       
+
        rightsmask = 0;
        rightsmask |= LDAP_REALM_RIGHTS;
        rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if ( (rparams != NULL) && (rparams->adminservers != NULL) ) {
-           for ( i=0; (rparams->adminservers[i] != NULL); i++) {
-               if((retval=krb5_ldap_add_service_rights( util_context,
-                        LDAP_ADMIN_SERVICE, rparams->adminservers[i], 
-                        rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+       if ((rparams != NULL) && (rparams->adminservers != NULL)) {
+           for (i=0; (rparams->adminservers[i] != NULL); i++) {
+               if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                        LDAP_ADMIN_SERVICE, rparams->adminservers[i],
+                                                        rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
                    printf("failed\n");
                    com_err(argv[0], retval, "while assigning rights to '%s'",
-                        rparams->realm_name);
+                           rparams->realm_name);
                    goto err_nomsg;
                }
            }
        }
-       
+
        rightsmask = 0;
        rightsmask |= LDAP_REALM_RIGHTS;
        rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if( (rparams != NULL) && (rparams->passwdservers != NULL) ) {
-           for ( i=0; (rparams->passwdservers[i] != NULL); i++) {
-               if((retval=krb5_ldap_add_service_rights( util_context,
-                       LDAP_PASSWD_SERVICE, rparams->passwdservers[i], 
-                       rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+       if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+           for (i=0; (rparams->passwdservers[i] != NULL); i++) {
+               if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                        LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
+                                                        rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
                    printf("failed\n");
                    com_err(argv[0], retval, "while assigning rights to '%s'",
-                       rparams->realm_name);
+                           rparams->realm_name);
                    goto err_nomsg;
                }
            }
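Review bot: The `if` condition at the top of the HAVE_EDIRECTORY block is a functional change, not a whitespace one, and the commit message does not say so. The removed line `if(mask & LDAP_REALM_KDCSERVERS) || ...` has unbalanced parentheses and could not have compiled, so this rights-assignment code has presumably never been built with HAVE_EDIRECTORY defined. Because it assigns directory rights to the KDC, admin and password service objects, it deserves a build and a test run with that option before being relied on. The commit message should also record the fix, for example `Also fix unbalanced parentheses in the HAVE_EDIRECTORY rights check in kdb5_ldap_create.` The enclosing function continues outside the hunk.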
@@ -817,14 +797,14 @@ void kdb5_ldap_create(argc, argv)
 
     /* Stash the master key only if '-s' option is specified */
     if (do_stash || global_params.mask & KADM5_CONFIG_STASH_FILE) {
-        retval = krb5_def_store_mkey(util_context,
-                                     global_params.stash_file,
-                                     master_princ,
-                                     &master_keyblock, NULL);
-        if (retval) {
+       retval = krb5_def_store_mkey(util_context,
+                                    global_params.stash_file,
+                                    master_princ,
+                                    &master_keyblock, NULL);
+       if (retval) {
            com_err(argv[0], errno, "while storing key");
            printf("Warning: couldn't stash master key.\n");
-        }
+       }
     }
 
     goto cleanup;
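Review bot: The failure branch of the krb5_def_store_mkey call passes `errno` to com_err instead of the `retval` that was just tested, so the message can describe a stale or unrelated error. `com_err(argv[0], retval, "while storing key");` reports the actual failure. `retval` also stays non-zero when control reaches `goto cleanup`, so a stash failure announced only as a warning would presumably still be reported as a realm-creation failure by the `if (retval)` block later in the function. If the warning is meant to be non-fatal, reset `retval` after printing it. kdb5_ldap_create starts and ends outside this hunk.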
@@ -839,10 +819,10 @@ err_nomsg:
 cleanup:
     /* If the Realm creation is not complete, do the roll-back here */
     if ((realm_obj_created) && (!create_complete))
-        krb5_ldap_delete_realm(util_context, global_params.realm);
+       krb5_ldap_delete_realm(util_context, global_params.realm);
 
     if (rparams)
-        krb5_ldap_free_realm_params(rparams);
+       krb5_ldap_free_realm_params(rparams);
 
     memset (pw_str, 0, sizeof (pw_str));
 
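Review bot: The `memset (pw_str, 0, sizeof (pw_str));` in the cleanup path is the only scrubbing of the master password visible here, and a compiler may drop a plain memset on a buffer that is not read again before the function returns. If `pw_str` is a local array, as the `sizeof` suggests, clear it through a routine the optimizer cannot elide, such as a loop writing through a `volatile unsigned char *` or the platform's explicit-zeroing call. The same care applies to the key bytes in `master_keyblock`, whose release is not visible in this hunk. A comment above the call, `/* Scrub the master password; must not be optimized away. */`, would record the intent.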
@@ -850,14 +830,14 @@ cleanup:
        ldap_context->lrparams->subtree = oldsubtree;
 
     if (print_usage)
-        db_usage(CREATE_REALM);
+       db_usage(CREATE_REALM);
 
     if (retval) {
-        if (!no_msg) {
-            com_err(argv[0], retval, "while creating realm '%s'",
-                global_params.realm);
-        }
-        exit_status++;
+       if (!no_msg) {
+           com_err(argv[0], retval, "while creating realm '%s'",
+                   global_params.realm);
+       }
+       exit_status++;
     }
 
     return;
@@ -901,32 +881,32 @@ void kdb5_ldap_modify(argc, argv)
     dal_handle = (kdb5_dal_handle *) util_context->db_context;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-        retval = EINVAL;
-        goto cleanup;
+       retval = EINVAL;
+       goto cleanup;
     }
 
-    if((retval = krb5_ldap_read_krbcontainer_params(util_context, 
-                       &(ldap_context->krbcontainer)))) {
-      com_err(argv[0], retval, "while reading Kerberos container information");
-      goto err_nomsg;
+    if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+                                                    &(ldap_context->krbcontainer)))) {
+       com_err(argv[0], retval, "while reading Kerberos container information");
+       goto err_nomsg;
     }
 
-    retval = krb5_ldap_read_realm_params(util_context, 
-                       global_params.realm, &rparams, &rmask);
+    retval = krb5_ldap_read_realm_params(util_context,
+                                        global_params.realm, &rparams, &rmask);
     if (retval)
-        goto cleanup;
+       goto cleanup;
 
     /* Parse the arguments */
     for (i = 1; i < argc; i++) {
-        if (!strcmp(argv[i], "-subtree")) {
-            if (++i > argc-1)
-                goto err_usage;
+       if (!strcmp(argv[i], "-subtree")) {
+           if (++i > argc-1)
+               goto err_usage;
 
            if (rmask & LDAP_REALM_SUBTREE) {
-               if( rparams->subtree ) {
+               if (rparams->subtree) {
 #ifdef HAVE_EDIRECTORY
                    oldsubtree = strdup(rparams->subtree);
-                   if( oldsubtree == NULL ) {
+                   if (oldsubtree == NULL) {
                        retval = ENOMEM;
                        goto cleanup;
                    }
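Review bot: In the `-subtree` branch the HAVE_EDIRECTORY code assigns `oldsubtree = strdup(rparams->subtree);` every time the option is seen, unlike the `-kdcdn` handling later in this function, which guards its copy with `if (!oldkdcdns)`. If `-subtree` is given twice, the first copy would leak and `oldsubtree` would end up holding the first new value rather than the realm's original subtree. That matters if it is later used to remove rights from the old subtree. Wrapping the copy in `if (oldsubtree == NULL) { ... }` keeps the original. This assumes `oldsubtree` starts out NULL; its declaration is outside the hunk.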
@@ -934,472 +914,456 @@ void kdb5_ldap_modify(argc, argv)
                    free(rparams->subtree);
                }
            }
-            rparams->subtree = strdup(argv[i]);
-            if (rparams->subtree == NULL) {
-                retval = ENOMEM;
-                goto cleanup;
-            }
-            mask |= LDAP_REALM_SUBTREE;
-        }
-        else if (!strcmp(argv[i], "-sscope")) {
-            if (++i > argc-1)
-                goto err_usage;
-            /* Possible values for search scope are
-             * one (or 1) and sub (or 2)
-             */
-            if (strcasecmp(argv[i], "one") == 0) {
-                rparams->search_scope = 1;
-            }
-            else if (strcasecmp(argv[i], "sub") == 0) {
-                rparams->search_scope = 2;
-            }
-            else {
-                rparams->search_scope = atoi(argv[i]);
-                if ((rparams->search_scope != 1) && 
-                    (rparams->search_scope != 2)) {
-                    retval = EINVAL;
-                    com_err(argv[0], retval,
-                        "specified for search scope while modifying information of realm '%s'",
-                        global_params.realm);
-                    goto err_nomsg;
-                }
-            }
-            mask |= LDAP_REALM_SEARCHSCOPE;
-        }
+           rparams->subtree = strdup(argv[i]);
+           if (rparams->subtree == NULL) {
+               retval = ENOMEM;
+               goto cleanup;
+           }
+           mask |= LDAP_REALM_SUBTREE;
+       } else if (!strcmp(argv[i], "-sscope")) {
+           if (++i > argc-1)
+               goto err_usage;
+           /* Possible values for search scope are
+            * one (or 1) and sub (or 2)
+            */
+           if (strcasecmp(argv[i], "one") == 0) {
+               rparams->search_scope = 1;
+           } else if (strcasecmp(argv[i], "sub") == 0) {
+               rparams->search_scope = 2;
+           } else {
+               rparams->search_scope = atoi(argv[i]);
+               if ((rparams->search_scope != 1) &&
+                   (rparams->search_scope != 2)) {
+                   retval = EINVAL;
+                   com_err(argv[0], retval,
+                           "specified for search scope while modifying information of realm '%s'",
+                           global_params.realm);
+                   goto err_nomsg;
+               }
+           }
+           mask |= LDAP_REALM_SEARCHSCOPE;
+       }
 #ifdef HAVE_EDIRECTORY
-        else if (!strcmp(argv[i], "-kdcdn")) {
-            if (++i > argc-1)
-                goto err_usage;
+       else if (!strcmp(argv[i], "-kdcdn")) {
+           if (++i > argc-1)
+               goto err_usage;
 
            if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
                if (!oldkdcdns) {
-                   /* Store the old kdc dns list for removing rights */
-                   oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldkdcdns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-           
-                   for (j=0; rparams->kdcservers[j] != NULL; j++) {
-                       oldkdcdns[j] = strdup(rparams->kdcservers[j]);
-                       if (oldkdcdns[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldkdcdns[j] = NULL;
-                }
-
-                krb5_free_list_entries(rparams->kdcservers);
-                free(rparams->kdcservers);
-            }
-
-            rparams->kdcservers = (char **)malloc(
-                            sizeof(char *) * MAX_LIST_ENTRIES);
-            if (rparams->kdcservers == NULL) {
-                retval = ENOMEM;
-                goto cleanup;
-            }
-            memset(rparams->kdcservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
-            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, 
-                            rparams->kdcservers))) {
-                goto cleanup;
-            }
-            mask |= LDAP_REALM_KDCSERVERS;
-            /* Going to replace the existing value by this new value. Hence
-             * setting flag indicating that add or clear options will be ignored
-             */
-            newkdcdn = 1;
-        }
-        else if (!strcmp(argv[i], "-clearkdcdn")) {
-            if (++i > argc-1)
-                goto err_usage;
-            if ((!newkdcdn) && (rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
+                   /* Store the old kdc dns list for removing rights */
+                   oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                   if (oldkdcdns == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
+
+                   for (j=0; rparams->kdcservers[j] != NULL; j++) {
+                       oldkdcdns[j] = strdup(rparams->kdcservers[j]);
+                       if (oldkdcdns[j] == NULL) {
+                           retval = ENOMEM;
+                           goto cleanup;
+                       }
+                   }
+                   oldkdcdns[j] = NULL;
+               }
+
+               krb5_free_list_entries(rparams->kdcservers);
+               free(rparams->kdcservers);
+           }
+
+           rparams->kdcservers = (char **)malloc(
+               sizeof(char *) * MAX_LIST_ENTRIES);
+           if (rparams->kdcservers == NULL) {
+               retval = ENOMEM;
+               goto cleanup;
+           }
+           memset(rparams->kdcservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
+           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                         rparams->kdcservers))) {
+               goto cleanup;
+           }
+           mask |= LDAP_REALM_KDCSERVERS;
+           /* Going to replace the existing value by this new value. Hence
+            * setting flag indicating that add or clear options will be ignored
+            */
+           newkdcdn = 1;
+       } else if (!strcmp(argv[i], "-clearkdcdn")) {
+           if (++i > argc-1)
+               goto err_usage;
+           if ((!newkdcdn) && (rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers)) {
                if (!oldkdcdns) {
                    /* Store the old kdc dns list for removing rights */
                    oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
                    if (oldkdcdns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
+                       retval = ENOMEM;
+                       goto cleanup;
                    }
-               
+
                    for (j=0; rparams->kdcservers[j] != NULL; j++) {
-                       oldkdcdns[j] = strdup(rparams->kdcservers[j]);
-                       if (oldkdcdns[j] == NULL) {
+                       oldkdcdns[j] = strdup(rparams->kdcservers[j]);
+                       if (oldkdcdns[j] == NULL) {
                            retval = ENOMEM;
                            goto cleanup;
-                       }
+                       }
                    }
                    oldkdcdns[j] = NULL;
-                }
+               }
 
                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-                    goto cleanup;
-                }
-                list_modify_str_array(&rparams->kdcservers, (const char **)list,
-                    LIST_MODE_DELETE);
-                mask |= LDAP_REALM_KDCSERVERS;
-                krb5_free_list_entries(list);
-            }
-        }
-        else if (!strcmp(argv[i], "-addkdcdn")) {
-            if (++i > argc-1)
-                goto err_usage;
-            if (!newkdcdn) {
-                if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers) && (!oldkdcdns)) {
+               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                   goto cleanup;
+               }
+               list_modify_str_array(&rparams->kdcservers, (const char **)list,
+                                     LIST_MODE_DELETE);
+               mask |= LDAP_REALM_KDCSERVERS;
+               krb5_free_list_entries(list);
+           }
+       } else if (!strcmp(argv[i], "-addkdcdn")) {
+           if (++i > argc-1)
+               goto err_usage;
+           if (!newkdcdn) {
+               if ((rmask & LDAP_REALM_KDCSERVERS) && (rparams->kdcservers) && (!oldkdcdns)) {
                    /* Store the old kdc dns list for removing rights */
                    oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
                    if (oldkdcdns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
+
+                   for (j = 0; rparams->kdcservers[j] != NULL; j++) {
+                       oldkdcdns[j] = strdup(rparams->kdcservers[j]);
+                       if (oldkdcdns[j] == NULL) {
+                           retval = ENOMEM;
+                           goto cleanup;
+                       }
                    }
-                    
-                    for (j = 0; rparams->kdcservers[j] != NULL; j++) {
-                        oldkdcdns[j] = strdup(rparams->kdcservers[j]);
-                        if (oldkdcdns[j] == NULL) {
-                            retval = ENOMEM;
-                            goto cleanup;
-                        }
-                    }
-                    oldkdcdns[j] = NULL;
-                }
+                   oldkdcdns[j] = NULL;
+               }
 
                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-                    goto cleanup;
-                }
-                existing_entries = list_count_str_array(rparams->kdcservers);
-                list_entries = list_count_str_array(list);
-                if (rmask & LDAP_REALM_KDCSERVERS) {
-                    tempstr = (char **)realloc(
-                            rparams->kdcservers, 
-                            sizeof(char *) * (existing_entries+list_entries+1));
-                    if (tempstr == NULL) {
-                        retval = ENOMEM;
-                        goto cleanup;
-                    }
-                    rparams->kdcservers = tempstr;
-                }
-                else {
-                    rparams->kdcservers = (char **)malloc(sizeof(char *) * (list_entries+1));
-                    if (rparams->kdcservers == NULL) {
-                        retval = ENOMEM;
-                        goto cleanup;
-                    }
-                    memset(rparams->kdcservers, 0, sizeof(char *) * (list_entries+1));
-                }
-                list_modify_str_array(&rparams->kdcservers, (const char **)list,
-                    LIST_MODE_ADD);
-                mask |= LDAP_REALM_KDCSERVERS;
-            }
-        }
-        else if (!strcmp(argv[i], "-admindn")) {
-            if (++i > argc-1)
-                goto err_usage;
-
-            if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
-               if (!oldadmindns) {
-                   /* Store the old admin dns list for removing rights */
-                   oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldadmindns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-           
-                   for (j=0; rparams->adminservers[j] != NULL; j++) {
-                       oldadmindns[j] = strdup(rparams->adminservers[j]);
-                       if (oldadmindns[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldadmindns[j] = NULL;
-                }
-            
-                krb5_free_list_entries(rparams->adminservers);
-                free(rparams->adminservers);
-            }
-            
-            rparams->adminservers = (char **)malloc(
-                            sizeof(char *) * MAX_LIST_ENTRIES);
-            if (rparams->adminservers == NULL) {
-                retval = ENOMEM;
-                goto cleanup;
-            }
-            memset(rparams->adminservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
-            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, 
-                            rparams->adminservers))) {
-                goto cleanup;
-            }
-            mask |= LDAP_REALM_ADMINSERVERS;
-            /* Going to replace the existing value by this new value. Hence
-             * setting flag indicating that add or clear options will be ignored
-             */
-            newadmindn = 1;
-        }
-        else if (!strcmp(argv[i], "-clearadmindn")) {
-            if (++i > argc-1)
-                goto err_usage;
-            
-            if ((!newadmindn) && (rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
+               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                   goto cleanup;
+               }
+               existing_entries = list_count_str_array(rparams->kdcservers);
+               list_entries = list_count_str_array(list);
+               if (rmask & LDAP_REALM_KDCSERVERS) {
+                   tempstr = (char **)realloc(
+                       rparams->kdcservers,
+                       sizeof(char *) * (existing_entries+list_entries+1));
+                   if (tempstr == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
+                   rparams->kdcservers = tempstr;
+               } else {
+                   rparams->kdcservers = (char **)malloc(sizeof(char *) * (list_entries+1));
+                   if (rparams->kdcservers == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
+                   memset(rparams->kdcservers, 0, sizeof(char *) * (list_entries+1));
+               }
+               list_modify_str_array(&rparams->kdcservers, (const char **)list,
+                                     LIST_MODE_ADD);
+               mask |= LDAP_REALM_KDCSERVERS;
+           }
+       } else if (!strcmp(argv[i], "-admindn")) {
+           if (++i > argc-1)
+               goto err_usage;
+
+           if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
                if (!oldadmindns) {
-                    /* Store the old admin dns list for removing rights */
+                   /* Store the old admin dns list for removing rights */
                    oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
                    if (oldadmindns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
+                       retval = ENOMEM;
+                       goto cleanup;
                    }
-               
+
                    for (j=0; rparams->adminservers[j] != NULL; j++) {
-                       oldadmindns[j] = strdup(rparams->adminservers[j]);
-                       if (oldadmindns[j] == NULL) {
+                       oldadmindns[j] = strdup(rparams->adminservers[j]);
+                       if (oldadmindns[j] == NULL) {
                            retval = ENOMEM;
                            goto cleanup;
-                       }
+                       }
                    }
                    oldadmindns[j] = NULL;
-                }
-
-                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-                    goto cleanup;
-                }
-                list_modify_str_array(&rparams->adminservers, (const char **)list,
-                    LIST_MODE_DELETE);
-                mask |= LDAP_REALM_ADMINSERVERS;
-                krb5_free_list_entries(list);
-            }
-        }
-        else if (!strcmp(argv[i], "-addadmindn")) {
-            if (++i > argc-1)
-                goto err_usage;
-            if (!newadmindn) {
+               }
+
+               krb5_free_list_entries(rparams->adminservers);
+               free(rparams->adminservers);
+           }
+
+           rparams->adminservers = (char **)malloc(
+               sizeof(char *) * MAX_LIST_ENTRIES);
+           if (rparams->adminservers == NULL) {
+               retval = ENOMEM;
+               goto cleanup;
+           }
+           memset(rparams->adminservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
+           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                         rparams->adminservers))) {
+               goto cleanup;
+           }
+           mask |= LDAP_REALM_ADMINSERVERS;
+           /* Going to replace the existing value by this new value. Hence
+            * setting flag indicating that add or clear options will be ignored
+            */
+           newadmindn = 1;
+       } else if (!strcmp(argv[i], "-clearadmindn")) {
+           if (++i > argc-1)
+               goto err_usage;
+
+           if ((!newadmindn) && (rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers)) {
+               if (!oldadmindns) {
+                   /* Store the old admin dns list for removing rights */
+                   oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                   if (oldadmindns == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
+
+                   for (j=0; rparams->adminservers[j] != NULL; j++) {
+                       oldadmindns[j] = strdup(rparams->adminservers[j]);
+                       if (oldadmindns[j] == NULL) {
+                           retval = ENOMEM;
+                           goto cleanup;
+                       }
+                   }
+                   oldadmindns[j] = NULL;
+               }
+
+               memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                   goto cleanup;
+               }
+               list_modify_str_array(&rparams->adminservers, (const char **)list,
+                                     LIST_MODE_DELETE);
+               mask |= LDAP_REALM_ADMINSERVERS;
+               krb5_free_list_entries(list);
+           }
+       } else if (!strcmp(argv[i], "-addadmindn")) {
+           if (++i > argc-1)
+               goto err_usage;
+           if (!newadmindn) {
                if ((rmask & LDAP_REALM_ADMINSERVERS) && (rparams->adminservers) && (!oldadmindns)) {
                    /* Store the old admin dns list for removing rights */
                    oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
                    if (oldadmindns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
+                       retval = ENOMEM;
+                       goto cleanup;
                    }
-               
+
                    for (j=0; rparams->adminservers[j] != NULL; j++) {
-                       oldadmindns[j] = strdup(rparams->adminservers[j]);
-                       if (oldadmindns[j] == NULL) {
+                       oldadmindns[j] = strdup(rparams->adminservers[j]);
+                       if (oldadmindns[j] == NULL) {
                            retval = ENOMEM;
                            goto cleanup;
-                       }
+                       }
                    }
                    oldadmindns[j] = NULL;
-                }
-               
-                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-                    goto cleanup;
-                }
-                existing_entries = list_count_str_array(rparams->adminservers);
-                list_entries = list_count_str_array(list);
-                if (rmask & LDAP_REALM_ADMINSERVERS) {
-                    tempstr = (char **)realloc(
-                            rparams->adminservers, 
-                            sizeof(char *) * (existing_entries+list_entries+1));
-                    if (tempstr == NULL) {
-                        retval = ENOMEM;
-                        goto cleanup;
-                    }
-                    rparams->adminservers = tempstr;
-                }
-                else {
-                    rparams->adminservers = (char **)malloc(sizeof(char *) * (list_entries+1));
-                    if (rparams->adminservers == NULL) {
-                        retval = ENOMEM;
-                        goto cleanup;
-                    }
-                    memset(rparams->adminservers, 0, sizeof(char *) * (list_entries+1));
-                }
-                list_modify_str_array(&rparams->adminservers, (const char **)list,
-                    LIST_MODE_ADD);
-                mask |= LDAP_REALM_ADMINSERVERS;
-            }
-        }
-        else if (!strcmp(argv[i], "-pwddn")) {
-            if (++i > argc-1)
-                goto err_usage;
-
-            if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
-                if (!oldpwddns) {
-                   /* Store the old pwd dns list for removing rights */
-                   oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldpwddns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-           
-                   for (j=0; rparams->passwdservers[j] != NULL; j++) {
-                       oldpwddns[j] = strdup(rparams->passwdservers[j]);
-                       if (oldpwddns[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
-                   }
-                   oldpwddns[j] = NULL;
-                }
-                krb5_free_list_entries(rparams->passwdservers);
-                free(rparams->passwdservers);
-            }
-            
-            rparams->passwdservers = (char **)malloc(
-                            sizeof(char *) * MAX_LIST_ENTRIES);
-            if (rparams->passwdservers == NULL) {
-                retval = ENOMEM;
-                goto cleanup;
-            }
-            memset(rparams->passwdservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
-            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, 
-                            rparams->passwdservers))) {
-                goto cleanup;
-            }
-            mask |= LDAP_REALM_PASSWDSERVERS;
-            /* Going to replace the existing value by this new value. Hence
-             * setting flag indicating that add or clear options will be ignored
-             */
-            newpwddn = 1;
-        }
-        else if (!strcmp(argv[i], "-clearpwddn")) {
-            if (++i > argc-1)
-                goto err_usage;
-
-            if ((!newpwddn) && (rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
-                if (!oldpwddns) {
+               }
+
+               memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                   goto cleanup;
+               }
+               existing_entries = list_count_str_array(rparams->adminservers);
+               list_entries = list_count_str_array(list);
+               if (rmask & LDAP_REALM_ADMINSERVERS) {
+                   tempstr = (char **)realloc(
+                       rparams->adminservers,
+                       sizeof(char *) * (existing_entries+list_entries+1));
+                   if (tempstr == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
+                   rparams->adminservers = tempstr;
+               } else {
+                   rparams->adminservers = (char **)malloc(sizeof(char *) * (list_entries+1));
+                   if (rparams->adminservers == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
+                   memset(rparams->adminservers, 0, sizeof(char *) * (list_entries+1));
+               }
+               list_modify_str_array(&rparams->adminservers, (const char **)list,
+                                     LIST_MODE_ADD);
+               mask |= LDAP_REALM_ADMINSERVERS;
+           }
+       } else if (!strcmp(argv[i], "-pwddn")) {
+           if (++i > argc-1)
+               goto err_usage;
+
+           if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
+               if (!oldpwddns) {
                    /* Store the old pwd dns list for removing rights */
                    oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
                    if (oldpwddns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
+                       retval = ENOMEM;
+                       goto cleanup;
                    }
-               
+
                    for (j=0; rparams->passwdservers[j] != NULL; j++) {
-                       oldpwddns[j] = strdup(rparams->passwdservers[j]);
-                       if (oldpwddns[j] == NULL) {
+                       oldpwddns[j] = strdup(rparams->passwdservers[j]);
+                       if (oldpwddns[j] == NULL) {
                            retval = ENOMEM;
                            goto cleanup;
-                       }
+                       }
                    }
                    oldpwddns[j] = NULL;
-                }
-
-                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-                    goto cleanup;
-                }
-                list_modify_str_array(&rparams->passwdservers, (const char**)list,
-                    LIST_MODE_DELETE);
-                mask |= LDAP_REALM_PASSWDSERVERS;
-                krb5_free_list_entries(list);
-            }
-        }
-        else if (!strcmp(argv[i], "-addpwddn")) {
-            if (++i > argc-1)
-                goto err_usage;
-            if (!newpwddn) {
-                if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers) && (!oldpwddns)) {
+               }
+
+               krb5_free_list_entries(rparams->passwdservers);
+               free(rparams->passwdservers);
+           }
+
+           rparams->passwdservers = (char **)malloc(
+               sizeof(char *) * MAX_LIST_ENTRIES);
+           if (rparams->passwdservers == NULL) {
+               retval = ENOMEM;
+               goto cleanup;
+           }
+           memset(rparams->passwdservers, 0, sizeof(char *)*MAX_LIST_ENTRIES);
+           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                         rparams->passwdservers))) {
+               goto cleanup;
+           }
+           mask |= LDAP_REALM_PASSWDSERVERS;
+           /* Going to replace the existing value by this new value. Hence
+            * setting flag indicating that add or clear options will be ignored
+            */
+           newpwddn = 1;
+       } else if (!strcmp(argv[i], "-clearpwddn")) {
+           if (++i > argc-1)
+               goto err_usage;
+
+           if ((!newpwddn) && (rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers)) {
+               if (!oldpwddns) {
+                   /* Store the old pwd dns list for removing rights */
+                   oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                   if (oldpwddns == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
+
+                   for (j=0; rparams->passwdservers[j] != NULL; j++) {
+                       oldpwddns[j] = strdup(rparams->passwdservers[j]);
+                       if (oldpwddns[j] == NULL) {
+                           retval = ENOMEM;
+                           goto cleanup;
+                       }
+                   }
+                   oldpwddns[j] = NULL;
+               }
+
+               memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                   goto cleanup;
+               }
+               list_modify_str_array(&rparams->passwdservers, (const char**)list,
+                                     LIST_MODE_DELETE);
+               mask |= LDAP_REALM_PASSWDSERVERS;
+               krb5_free_list_entries(list);
+           }
+       } else if (!strcmp(argv[i], "-addpwddn")) {
+           if (++i > argc-1)
+               goto err_usage;
+           if (!newpwddn) {
+               if ((rmask & LDAP_REALM_PASSWDSERVERS) && (rparams->passwdservers) && (!oldpwddns)) {
                    /* Store the old pwd dns list for removing rights */
                    oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
                    if (oldpwddns == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
+                       retval = ENOMEM;
+                       goto cleanup;
                    }
-               
+
                    for (j=0; rparams->passwdservers[j] != NULL; j++) {
-                       oldpwddns[j] = strdup(rparams->passwdservers[j]);
-                       if (oldpwddns[j] == NULL) {
+                       oldpwddns[j] = strdup(rparams->passwdservers[j]);
+                       if (oldpwddns[j] == NULL) {
                            retval = ENOMEM;
                            goto cleanup;
-                       }
+                       }
                    }
                    oldpwddns[j] = NULL;
-                }
-
-                memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
-                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
-                    goto cleanup;
-                }
-                existing_entries = list_count_str_array(rparams->passwdservers);
-                list_entries = list_count_str_array(list);
-                if (rmask & LDAP_REALM_PASSWDSERVERS) {
-                    tempstr = (char **)realloc(
-                            rparams->passwdservers, 
-                            sizeof(char *) * (existing_entries+list_entries+1));
-                    if (tempstr == NULL) {
-                        retval = ENOMEM;
-                        goto cleanup;
-                    }
-                    rparams->passwdservers = tempstr;
-                }
-                else {
-                    rparams->passwdservers = (char **)malloc(sizeof(char *) * (list_entries+1));
-                    if (rparams->passwdservers == NULL) {
-                        retval = ENOMEM;
-                        goto cleanup;
-                    }
-                    memset(rparams->passwdservers, 0, sizeof(char *) * (list_entries+1));
-                }
-                list_modify_str_array(&rparams->passwdservers, (const char**)list,
-                    LIST_MODE_ADD);
-                mask |= LDAP_REALM_PASSWDSERVERS;
-            }
-        }
+               }
+
+               memset(list, 0, sizeof(char *) * MAX_LIST_ENTRIES);
+               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list))) {
+                   goto cleanup;
+               }
+               existing_entries = list_count_str_array(rparams->passwdservers);
+               list_entries = list_count_str_array(list);
+               if (rmask & LDAP_REALM_PASSWDSERVERS) {
+                   tempstr = (char **)realloc(
+                       rparams->passwdservers,
+                       sizeof(char *) * (existing_entries+list_entries+1));
+                   if (tempstr == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
+                   rparams->passwdservers = tempstr;
+               } else {
+                   rparams->passwdservers = (char **)malloc(sizeof(char *) * (list_entries+1));
+                   if (rparams->passwdservers == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
+                   memset(rparams->passwdservers, 0, sizeof(char *) * (list_entries+1));
+               }
+               list_modify_str_array(&rparams->passwdservers, (const char**)list,
+                                     LIST_MODE_ADD);
+               mask |= LDAP_REALM_PASSWDSERVERS;
+           }
+       }
 #endif
-       else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0)
-       {
-               mask|=ret_mask;
+       else if ((ret_mask= get_ticket_policy(rparams,&i,argv,argc)) !=0) {
+           mask|=ret_mask;
+       } else {
+           printf("'%s' is an invalid option\n", argv[i]);
+           goto err_usage;
        }
-        else {
-            printf("'%s' is an invalid option\n", argv[i]);
-            goto err_usage;
-        }
     }
 
-    if ((retval = krb5_ldap_modify_realm(util_context, 
-                /* global_params.realm, */ rparams, mask))) {
-        goto cleanup;
+    if ((retval = krb5_ldap_modify_realm(util_context,
+                                        /* global_params.realm, */ rparams, mask))) {
+       goto cleanup;
     }
 
 #ifdef HAVE_EDIRECTORY
-    if( (mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_KDCSERVERS) || 
+    if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_KDCSERVERS) ||
        (mask & LDAP_REALM_ADMINSERVERS) || (mask & LDAP_REALM_PASSWDSERVERS)) {
 
        printf("Changing rights for the service object. Please wait ... ");
-       fflush(stdout);    
-       
-       if( !(mask & LDAP_REALM_SUBTREE) ) {
-           if( rparams->subtree != NULL ) {
+       fflush(stdout);
+
+       if (!(mask & LDAP_REALM_SUBTREE)) {
+           if (rparams->subtree != NULL) {
                oldsubtree = strdup(rparams->subtree);
-               if( oldsubtree == NULL ) {
+               if (oldsubtree == NULL) {
                    retval = ENOMEM;
                    goto cleanup;
                }
            }
        }
 
-       if( (mask & LDAP_REALM_SUBTREE) ) { 
-           if( (oldsubtree && !rparams->subtree) || 
-               (!oldsubtree && rparams->subtree) || 
-               (strcmp( oldsubtree, rparams->subtree) != 0) ) {
+       if ((mask & LDAP_REALM_SUBTREE)) {
+           if ((oldsubtree && !rparams->subtree) ||
+               (!oldsubtree && rparams->subtree) ||
+               (strcmp(oldsubtree, rparams->subtree) != 0)) {
                subtree_changed = 1;
-           }   
+           }
        }
 
-       if( (mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_KDCSERVERS) ) {
+       if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_KDCSERVERS)) {
 
            newkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
            if (newkdcdns == NULL) {
                retval = ENOMEM;
                goto cleanup;
            }
-           
-           if ( (rparams != NULL) && (rparams->kdcservers != NULL) ) {
+
+           if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
                for (j=0;  rparams->kdcservers[j]!= NULL; j++) {
                    newkdcdns[j] = strdup(rparams->kdcservers[j]);
                    if (newkdcdns[j] == NULL) {
@@ -1409,11 +1373,10 @@ void kdb5_ldap_modify(argc, argv)
                }
                newkdcdns[j] = NULL;
            }
-           
-           if( !subtree_changed ) {
-               disjoint_members( oldkdcdns, newkdcdns);
-           }
-           else { /* Only the subtree was changed. Remove the rights on the old subtree. */
+
+           if (!subtree_changed) {
+               disjoint_members(oldkdcdns, newkdcdns);
+           } else { /* Only the subtree was changed. Remove the rights on the old subtree. */
                if (!(mask & LDAP_REALM_KDCSERVERS)) {
 
                    oldkdcdns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
@@ -1421,8 +1384,8 @@ void kdb5_ldap_modify(argc, argv)
                        retval = ENOMEM;
                        goto cleanup;
                    }
-                   
-                   if ( (rparams != NULL) && (rparams->kdcservers != NULL) ) {
+
+                   if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
                        for (j=0;  rparams->kdcservers[j]!= NULL; j++) {
                            oldkdcdns[j] = strdup(rparams->kdcservers[j]);
                            if (oldkdcdns[j] == NULL) {
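Review bot: The copy loop `for (j=0;  rparams->kdcservers[j]!= NULL; j++)` has no bound on `j`, while `oldkdcdns` is allocated just above this hunk with `calloc(MAX_LIST_ENTRIES, sizeof(char*))`, so a realm whose server list holds MAX_LIST_ENTRIES or more DNs would write past the array. The trailing `oldkdcdns[j] = NULL` needs one further slot. The `-add...dn` paths earlier in the function grow the lists with `realloc` to `existing_entries+list_entries+1`, and the stored list presumably comes from the directory, so the length is not guaranteed to stay under the constant. Either bound the loop, `for (j=0; j < MAX_LIST_ENTRIES-1 && rparams->kdcservers[j] != NULL; j++)`, or size the copy from `list_count_str_array(rparams->kdcservers) + 1`. The same pattern appears in the `newkdcdns`, admin and passwd copies in the neighbouring hunks; the loop body here continues outside the hunk.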
@@ -1431,54 +1394,54 @@ void kdb5_ldap_modify(argc, argv)
                            }
                        }
                        oldkdcdns[j] = NULL;
-                   }               
+                   }
                }
            }
-           
+
            rightsmask =0;
            rightsmask |= LDAP_REALM_RIGHTS;
            rightsmask |= LDAP_SUBTREE_RIGHTS;
            /* Remove the rights on the old subtree */
-           if ( oldkdcdns ) {
-               for ( i=0; (oldkdcdns[i] != NULL); i++) {
-                 if((retval=krb5_ldap_delete_service_rights(util_context,
-                           LDAP_KDC_SERVICE, oldkdcdns[i], 
-                           rparams->realm_name, oldsubtree, rightsmask )) != 0) {
+           if (oldkdcdns) {
+               for (i=0; (oldkdcdns[i] != NULL); i++) {
+                   if ((retval=krb5_ldap_delete_service_rights(util_context,
+                                                               LDAP_KDC_SERVICE, oldkdcdns[i],
+                                                               rparams->realm_name, oldsubtree, rightsmask)) != 0) {
                        printf("failed\n");
                        com_err(argv[0], retval, "while assigning rights '%s'",
-                           rparams->realm_name);
+                               rparams->realm_name);
                        goto err_nomsg;
                    }
                }
            }
-           
+
            rightsmask =0;
            rightsmask |= LDAP_REALM_RIGHTS;
            rightsmask |= LDAP_SUBTREE_RIGHTS;
-           if ( newkdcdns ) {
-               for ( i=0; (newkdcdns[i] != NULL); i++) {
-                   
-                 if((retval=krb5_ldap_add_service_rights(util_context,
-                          LDAP_KDC_SERVICE, newkdcdns[i], rparams->realm_name,
-                          rparams->subtree, rightsmask )) != 0) {
+           if (newkdcdns) {
+               for (i=0; (newkdcdns[i] != NULL); i++) {
+
+                   if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                            LDAP_KDC_SERVICE, newkdcdns[i], rparams->realm_name,
+                                                            rparams->subtree, rightsmask)) != 0) {
                        printf("failed\n");
                        com_err(argv[0], retval, "while assigning rights to '%s'",
-                          rparams->realm_name);
+                               rparams->realm_name);
                        goto err_nomsg;
                    }
                }
            }
        }
 
-       if( (mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_ADMINSERVERS) ) {
+       if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_ADMINSERVERS)) {
 
            newadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
            if (newadmindns == NULL) {
                retval = ENOMEM;
                goto cleanup;
            }
-           
-           if ( (rparams != NULL) && (rparams->adminservers != NULL) ) {
+
+           if ((rparams != NULL) && (rparams->adminservers != NULL)) {
                for (j=0;  rparams->adminservers[j]!= NULL; j++) {
                    newadmindns[j] = strdup(rparams->adminservers[j]);
                    if (newadmindns[j] == NULL) {
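Review bot: The error reported when `krb5_ldap_delete_service_rights` fails in the `oldkdcdns` loop reads `"while assigning rights '%s'"`, although this path is removing rights on the old subtree. A failed revocation leaves stale rights in the directory, so the message should say so, for example `"while removing rights on '%s'"`. The admin and passwd delete loops in later hunks carry the same text.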
@@ -1488,11 +1451,10 @@ void kdb5_ldap_modify(argc, argv)
                }
                newadmindns[j] = NULL;
            }
-           
-           if( !subtree_changed ) {
-               disjoint_members( oldadmindns, newadmindns);
-           }
-           else { /* Only the subtree was changed. Remove the rights on the old subtree. */
+
+           if (!subtree_changed) {
+               disjoint_members(oldadmindns, newadmindns);
+           } else { /* Only the subtree was changed. Remove the rights on the old subtree. */
                if (!(mask & LDAP_REALM_ADMINSERVERS)) {
 
                    oldadmindns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
@@ -1500,8 +1462,8 @@ void kdb5_ldap_modify(argc, argv)
                        retval = ENOMEM;
                        goto cleanup;
                    }
-                   
-                   if ( (rparams != NULL) && (rparams->adminservers != NULL) ) {
+
+                   if ((rparams != NULL) && (rparams->adminservers != NULL)) {
                        for (j=0;  rparams->adminservers[j]!= NULL; j++) {
                            oldadmindns[j] = strdup(rparams->adminservers[j]);
                            if (oldadmindns[j] == NULL) {
@@ -1510,7 +1472,7 @@ void kdb5_ldap_modify(argc, argv)
                            }
                        }
                        oldadmindns[j] = NULL;
-                   }       
+                   }
                }
            }
 
@@ -1518,17 +1480,17 @@ void kdb5_ldap_modify(argc, argv)
            rightsmask |= LDAP_REALM_RIGHTS;
            rightsmask |= LDAP_SUBTREE_RIGHTS;
            /* Remove the rights on the old subtree */
-           if ( oldadmindns ) {
-               for ( i=0; (oldadmindns[i] != NULL); i++) {
-                   
-                 if((retval=krb5_ldap_delete_service_rights( util_context,
-                         LDAP_ADMIN_SERVICE, oldadmindns[i], 
-                         rparams->realm_name, oldsubtree, rightsmask )) != 0) {
+           if (oldadmindns) {
+               for (i=0; (oldadmindns[i] != NULL); i++) {
+
+                   if ((retval=krb5_ldap_delete_service_rights(util_context,
+                                                               LDAP_ADMIN_SERVICE, oldadmindns[i],
+                                                               rparams->realm_name, oldsubtree, rightsmask)) != 0) {
                        printf("failed\n");
                        com_err(argv[0], retval, "while assigning rights '%s'",
-                                rparams->realm_name);
+                               rparams->realm_name);
                        goto err_nomsg;
-                 }
+                   }
                }
            }
 
@@ -1536,15 +1498,15 @@ void kdb5_ldap_modify(argc, argv)
            rightsmask |= LDAP_REALM_RIGHTS;
            rightsmask |= LDAP_SUBTREE_RIGHTS;
            /* Add rights on the new subtree for all the kdc dns */
-           if ( newadmindns ) {
-               for ( i=0; (newadmindns[i] != NULL); i++) {
-                   
-                 if((retval=krb5_ldap_add_service_rights( util_context,
-                         LDAP_ADMIN_SERVICE, newadmindns[i], 
-                         rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+           if (newadmindns) {
+               for (i=0; (newadmindns[i] != NULL); i++) {
+
+                   if ((retval=krb5_ldap_add_service_rights(util_context,
+                                                            LDAP_ADMIN_SERVICE, newadmindns[i],
+                                                            rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
                        printf("failed\n");
                        com_err(argv[0], retval, "while assigning rights to '%s'",
-                           rparams->realm_name);
+                               rparams->realm_name);
                        goto err_nomsg;
                    }
                }
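Review bot: The comment `/* Add rights on the new subtree for all the kdc dns */` sits above the loop over `newadmindns` that passes `LDAP_ADMIN_SERVICE`, so it names the wrong service. It should read `/* Add rights on the new subtree for all the admin dns */`. The `newpwddns` loop in a later hunk has the same copied comment and should say passwd dns.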
@@ -1552,15 +1514,15 @@ void kdb5_ldap_modify(argc, argv)
        }
 
 
-       if( (mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_PASSWDSERVERS) ) {
+       if ((mask & LDAP_REALM_SUBTREE) || (mask & LDAP_REALM_PASSWDSERVERS)) {
 
            newpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
            if (newpwddns == NULL) {
                retval = ENOMEM;
                goto cleanup;
            }
-           
-           if ( (rparams != NULL) && (rparams->passwdservers != NULL) ) {
+
+           if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
                for (j=0;  rparams->passwdservers[j]!= NULL; j++) {
                    newpwddns[j] = strdup(rparams->passwdservers[j]);
                    if (newpwddns[j] == NULL) {
@@ -1570,11 +1532,10 @@ void kdb5_ldap_modify(argc, argv)
                }
                newpwddns[j] = NULL;
            }
-           
-           if( !subtree_changed ) {
-               disjoint_members( oldpwddns, newpwddns);
-           }
-           else { /* Only the subtree was changed. Remove the rights on the old subtree. */
+
+           if (!subtree_changed) {
+               disjoint_members(oldpwddns, newpwddns);
+           } else { /* Only the subtree was changed. Remove the rights on the old subtree. */
                if (!(mask & LDAP_REALM_ADMINSERVERS)) {
 
                    oldpwddns = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
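Review bot: In the password-server block the guard `if (!(mask & LDAP_REALM_ADMINSERVERS))` tests the admin-server bit, which looks copied from the admin block; the kdc and admin blocks each test their own bit. If the subtree changes and LDAP_REALM_PASSWDSERVERS is set without ADMINSERVERS, the `calloc` below overwrites an `oldpwddns` list saved during option parsing, leaking it and replacing the old DNs with the current ones. If ADMINSERVERS is set without PASSWDSERVERS, `oldpwddns` stays NULL and the passwd service rights on the old subtree would not be removed. The guard should probably read `if (!(mask & LDAP_REALM_PASSWDSERVERS))`. The enclosing block continues outside this hunk.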
@@ -1582,8 +1543,8 @@ void kdb5_ldap_modify(argc, argv)
                        retval = ENOMEM;
                        goto cleanup;
                    }
-                   
-                   if ( (rparams != NULL) && (rparams->passwdservers != NULL) ) {
+
+                   if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
                        for (j=0;  rparams->passwdservers[j]!= NULL; j++) {
                            oldpwddns[j] = strdup(rparams->passwdservers[j]);
                            if (oldpwddns[j] == NULL) {
@@ -1600,14 +1561,14 @@ void kdb5_ldap_modify(argc, argv)
            rightsmask |= LDAP_REALM_RIGHTS;
            rightsmask |= LDAP_SUBTREE_RIGHTS;
            /* Remove the rights on the old subtree */
-           if ( oldpwddns ) {
-               for ( i=0; (oldpwddns[i] != NULL); i++) {
-                   if((retval = krb5_ldap_delete_service_rights( util_context,
-                         LDAP_PASSWD_SERVICE, oldpwddns[i], 
-                         rparams->realm_name, oldsubtree, rightsmask))) {
+           if (oldpwddns) {
+               for (i=0; (oldpwddns[i] != NULL); i++) {
+                   if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                                 LDAP_PASSWD_SERVICE, oldpwddns[i],
+                                                                 rparams->realm_name, oldsubtree, rightsmask))) {
                        printf("failed\n");
                        com_err(argv[0], retval, "while assigning rights '%s'",
-                           rparams->realm_name);
+                               rparams->realm_name);
                        goto err_nomsg;
                    }
                }
@@ -1617,78 +1578,78 @@ void kdb5_ldap_modify(argc, argv)
            rightsmask |= LDAP_REALM_RIGHTS;
            rightsmask |= LDAP_SUBTREE_RIGHTS;
            /* Add rights on the new subtree for all the kdc dns */
-           if ( newpwddns ) {
-               for ( i=0; (newpwddns[i] != NULL); i++) {
-                   if((retval = krb5_ldap_add_service_rights( util_context,
-                         LDAP_PASSWD_SERVICE, newpwddns[i], 
-                         rparams->realm_name, rparams->subtree, rightsmask))) {
+           if (newpwddns) {
+               for (i=0; (newpwddns[i] != NULL); i++) {
+                   if ((retval = krb5_ldap_add_service_rights(util_context,
+                                                              LDAP_PASSWD_SERVICE, newpwddns[i],
+                                                              rparams->realm_name, rparams->subtree, rightsmask))) {
                        printf("failed\n");
                        com_err(argv[0], retval, "while assigning rights to '%s'",
-                           rparams->realm_name);
+                               rparams->realm_name);
                        goto err_nomsg;
                    }
                }
            }
        }
-       
+
        printf("done\n");
     }
 #endif
-    
+
     goto cleanup;
 
 err_usage:
     print_usage = TRUE;
-    
+
 err_nomsg:
     no_msg = TRUE;
-    
+
 cleanup:
     krb5_ldap_free_realm_params(rparams);
 
 #ifdef HAVE_EDIRECTORY
     if (oldkdcdns) {
-       for ( i=0; oldkdcdns[i] != NULL; i++)
+       for (i=0; oldkdcdns[i] != NULL; i++)
            free(oldkdcdns[i]);
        free(oldkdcdns);
     }
     if (oldpwddns) {
-       for ( i=0; oldpwddns[i] != NULL; i++)
+       for (i=0; oldpwddns[i] != NULL; i++)
            free(oldpwddns[i]);
-        free(oldpwddns);
+       free(oldpwddns);
     }
     if (oldadmindns) {
-       for ( i=0; oldadmindns[i] != NULL; i++)
+       for (i=0; oldadmindns[i] != NULL; i++)
            free(oldadmindns[i]);
-        free(oldadmindns);
+       free(oldadmindns);
     }
     if (newkdcdns) {
-       for ( i=0; newkdcdns[i] != NULL; i++)
+       for (i=0; newkdcdns[i] != NULL; i++)
            free(newkdcdns[i]);
        free(newkdcdns);
     }
     if (newpwddns) {
-       for ( i=0; newpwddns[i] != NULL; i++)
+       for (i=0; newpwddns[i] != NULL; i++)
            free(newpwddns[i]);
-        free(newpwddns);
+       free(newpwddns);
     }
     if (newadmindns) {
-       for ( i=0; newadmindns[i] != NULL; i++)
+       for (i=0; newadmindns[i] != NULL; i++)
            free(newadmindns[i]);
-        free(newadmindns);
+       free(newadmindns);
     }
     if (oldsubtree)
        free(oldsubtree);
 #endif
     if (print_usage) {
-        db_usage(MODIFY_REALM);
+       db_usage(MODIFY_REALM);
     }
 
     if (retval) {
-        if (!no_msg)
-            com_err(argv[0], retval, "while modifying information of realm '%s'",
-                global_params.realm);
-        exit_status++;
+       if (!no_msg)
+           com_err(argv[0], retval, "while modifying information of realm '%s'",
+                   global_params.realm);
+       exit_status++;
     }
 
     return;
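Review bot: When `krb5_ldap_add_service_rights` fails in the `newpwddns` loop, the code prints "failed" and jumps to `err_nomsg` without naming the service DN it was processing. By then `krb5_ldap_modify_realm` has already succeeded and earlier DNs in the loop have already had their rights changed. Including the DN would show an operator where the update stopped, e.g. `com_err(argv[0], retval, "while assigning rights to '%s' for '%s'", rparams->realm_name, newpwddns[i]);`. A short comment at `err_usage:` noting the intentional fall-through into `err_nomsg:` and `cleanup:` would also help. The function starts outside this hunk.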
@@ -1712,26 +1673,26 @@ void kdb5_ldap_view(argc, argv)
     dal_handle = (kdb5_dal_handle *) util_context->db_context;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-        retval = EINVAL;
-        com_err(argv[0], retval, "while initializing database");
-        exit_status++;
-        return;
+       retval = EINVAL;
+       com_err(argv[0], retval, "while initializing database");
+       exit_status++;
+       return;
     }
 
     /* Read the kerberos container information */
-    if ((retval = krb5_ldap_read_krbcontainer_params(util_context, 
-            &(ldap_context->krbcontainer))) != 0) {
-        com_err(argv[0], retval, "while reading kerberos container information");
-        exit_status++;
-        return;
+    if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+                                                    &(ldap_context->krbcontainer))) != 0) {
+       com_err(argv[0], retval, "while reading kerberos container information");
+       exit_status++;
+       return;
     }
 
     if ((retval = krb5_ldap_read_realm_params(util_context,
-            global_params.realm, &rparams, &mask)) || (!rparams)) {
-        com_err(argv[0], retval, "while reading information of realm '%s'",
-                   global_params.realm);
-        exit_status++;
-        return;
+                                             global_params.realm, &rparams, &mask)) || (!rparams)) {
+       com_err(argv[0], retval, "while reading information of realm '%s'",
+               global_params.realm);
+       exit_status++;
+       return;
     }
     print_realm_params(rparams, mask);
     krb5_ldap_free_realm_params(rparams);
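Review bot: The `|| (!rparams)` arm of the `krb5_ldap_read_realm_params` check reaches `com_err` with `retval` still 0, so a successful read that returns no parameters is reported without any error code. Setting a code first, `if (retval == 0) retval = EINVAL;`, keeps the message meaningful and matches the EINVAL used for the missing `ldap_context` above. The function starts outside this hunk.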
@@ -1740,27 +1701,27 @@ void kdb5_ldap_view(argc, argv)
 }
 
 static char *strdur(duration)
-       time_t duration;
+    time_t duration;
 {
-       static char out[50];
-       int neg, days, hours, minutes, seconds;
-
-       if (duration < 0) {
-               duration *= -1;
-               neg = 1;
-       } else
-               neg = 0;
-       days = duration / (24 * 3600);
-       duration %= 24 * 3600;
-       hours = duration / 3600;
-       duration %= 3600;
-       minutes = duration / 60;
-       duration %= 60;
-       seconds = duration;
-       sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
-                       days, days == 1 ? "day" : "days",
-                       hours, minutes, seconds);
-       return out;
+    static char out[50];
+    int neg, days, hours, minutes, seconds;
+
+    if (duration < 0) {
+       duration *= -1;
+       neg = 1;
+    } else
+       neg = 0;
+    days = duration / (24 * 3600);
+    duration %= 24 * 3600;
+    hours = duration / 3600;
+    duration %= 3600;
+    minutes = duration / 60;
+    duration %= 60;
+    seconds = duration;
+    sprintf(out, "%s%d %s %02d:%02d:%02d", neg ? "-" : "",
+           days, days == 1 ? "day" : "days",
+           hours, minutes, seconds);
+    return out;
 }
 
 /*
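Review bot: `sprintf(out, ...)` in `strdur` writes into the fixed `static char out[50]` with no length argument. The current format fits, but nothing enforces that if the format or types change, so `snprintf(out, sizeof(out), "%s%d %s %02d:%02d:%02d", ...)` is the safer form. Separately, `duration *= -1` overflows for the most negative `time_t`, and `days` narrows a `time_t` quotient to `int`. A one-line comment that the result points to a static buffer overwritten by the next call would also help callers.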
@@ -1778,113 +1739,112 @@ static void print_realm_params(krb5_ldap_realm_params *rparams, int mask)
     /* Print the Realm Attributes on the standard output */
     printf("%25s: %-50s\n", "Realm Name", global_params.realm);
     if (mask & LDAP_REALM_SUBTREE)
-        printf("%25s: %-50s\n", "Subtree", rparams->subtree);
+       printf("%25s: %-50s\n", "Subtree", rparams->subtree);
     if (mask & LDAP_REALM_SEARCHSCOPE) {
-        if ((rparams->search_scope != 1) &&
-            (rparams->search_scope != 2)) {
-            printf("%25s: %-50s\n", "SearchScope", "Invalid !");
-        }
-        else {
-            printf("%25s: %-50s\n", "SearchScope", 
-            (rparams->search_scope == 1) ? "ONE" : "SUB");
-        }
+       if ((rparams->search_scope != 1) &&
+           (rparams->search_scope != 2)) {
+           printf("%25s: %-50s\n", "SearchScope", "Invalid !");
+       } else {
+           printf("%25s: %-50s\n", "SearchScope",
+                  (rparams->search_scope == 1) ? "ONE" : "SUB");
+       }
     }
     if (mask & LDAP_REALM_KDCSERVERS) {
-        printf("%25s:", "KDC Services");
-        if (rparams->kdcservers != NULL) {
-            num_entry_printed = 0;
-            for(slist = rparams->kdcservers; *slist != NULL; slist++) {
-                if (num_entry_printed)
-                    printf(" %25s %-50s\n", " ", *slist);
-                else
-                    printf(" %-50s\n", *slist);
-                num_entry_printed++;
-            }
-        }
-        if (num_entry_printed == 0)
-            printf("\n");
+       printf("%25s:", "KDC Services");
+       if (rparams->kdcservers != NULL) {
+           num_entry_printed = 0;
+           for (slist = rparams->kdcservers; *slist != NULL; slist++) {
+               if (num_entry_printed)
+                   printf(" %25s %-50s\n", " ", *slist);
+               else
+                   printf(" %-50s\n", *slist);
+               num_entry_printed++;
+           }
+       }
+       if (num_entry_printed == 0)
+           printf("\n");
     }
     if (mask & LDAP_REALM_ADMINSERVERS) {
-        printf("%25s:", "Admin Services");
-        if (rparams->adminservers != NULL) {
-            num_entry_printed = 0;
-            for(slist = rparams->adminservers; *slist != NULL; slist++) {
-                if (num_entry_printed)
-                    printf(" %25s %-50s\n", " ", *slist);
-                else
-                    printf(" %-50s\n", *slist);
-                num_entry_printed++;
-            }
-        }
-        if (num_entry_printed == 0)
-            printf("\n");
+       printf("%25s:", "Admin Services");
+       if (rparams->adminservers != NULL) {
+           num_entry_printed = 0;
+           for (slist = rparams->adminservers; *slist != NULL; slist++) {
+               if (num_entry_printed)
+                   printf(" %25s %-50s\n", " ", *slist);
+               else
+                   printf(" %-50s\n", *slist);
+               num_entry_printed++;
+           }
+       }
+       if (num_entry_printed == 0)
+           printf("\n");
     }
     if (mask & LDAP_REALM_PASSWDSERVERS) {
-        printf("%25s:", "Passwd Services");
-        if (rparams->passwdservers != NULL) {
-            num_entry_printed = 0;
-            for(slist = rparams->passwdservers; *slist != NULL; slist++) {
-                if (num_entry_printed)
-                    printf(" %25s %-50s\n", " ", *slist);
-                else
-                    printf(" %-50s\n", *slist);
-                num_entry_printed++;
-            }
-        }
-        if (num_entry_printed == 0)
-            printf("\n");
+       printf("%25s:", "Passwd Services");
+       if (rparams->passwdservers != NULL) {
+           num_entry_printed = 0;
+           for (slist = rparams->passwdservers; *slist != NULL; slist++) {
+               if (num_entry_printed)
+                   printf(" %25s %-50s\n", " ", *slist);
+               else
+                   printf(" %-50s\n", *slist);
+               num_entry_printed++;
+           }
+       }
+       if (num_entry_printed == 0)
+           printf("\n");
     }
     if (mask & LDAP_REALM_MAXTICKETLIFE) {
-           printf("%25s:", "Maximum Ticket Life");
-           printf(" %s \n", strdur(rparams->max_life));
+       printf("%25s:", "Maximum Ticket Life");
+       printf(" %s \n", strdur(rparams->max_life));
     }
 
     if (mask & LDAP_REALM_MAXRENEWLIFE) {
-           printf("%25s:", "Maximum Renewable Life");
-           printf(" %s \n", strdur(rparams->max_renewable_life));
+       printf("%25s:", "Maximum Renewable Life");
+       printf(" %s \n", strdur(rparams->max_renewable_life));
     }
 
     if (mask & LDAP_REALM_KRBTICKETFLAGS) {
-        int ticketflags = rparams->tktflags;
+       int ticketflags = rparams->tktflags;
 
-        printf("%25s: ", "Ticket flags");
-        if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
-            printf("%s ","DISALLOW_POSTDATED");
+       printf("%25s: ", "Ticket flags");
+       if (ticketflags & KRB5_KDB_DISALLOW_POSTDATED)
+           printf("%s ","DISALLOW_POSTDATED");
 
-        if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
-            printf("%s ","DISALLOW_FORWARDABLE");
+       if (ticketflags & KRB5_KDB_DISALLOW_FORWARDABLE)
+           printf("%s ","DISALLOW_FORWARDABLE");
 
-        if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
-            printf("%s ","DISALLOW_RENEWABLE");
+       if (ticketflags & KRB5_KDB_DISALLOW_RENEWABLE)
+           printf("%s ","DISALLOW_RENEWABLE");
 
-        if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
-            printf("%s ","DISALLOW_PROXIABLE");
+       if (ticketflags & KRB5_KDB_DISALLOW_PROXIABLE)
+           printf("%s ","DISALLOW_PROXIABLE");
 
-        if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
-            printf("%s ","DISALLOW_DUP_SKEY");
+       if (ticketflags & KRB5_KDB_DISALLOW_DUP_SKEY)
+           printf("%s ","DISALLOW_DUP_SKEY");
 
-        if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
-            printf("%s ","REQUIRES_PRE_AUTH");
+       if (ticketflags & KRB5_KDB_REQUIRES_PRE_AUTH)
+           printf("%s ","REQUIRES_PRE_AUTH");
 
-        if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
-            printf("%s ","REQUIRES_HW_AUTH");
+       if (ticketflags & KRB5_KDB_REQUIRES_HW_AUTH)
+           printf("%s ","REQUIRES_HW_AUTH");
 
-        if (ticketflags & KRB5_KDB_DISALLOW_SVR)
-            printf("%s ","DISALLOW_SVR");
+       if (ticketflags & KRB5_KDB_DISALLOW_SVR)
+           printf("%s ","DISALLOW_SVR");
 
-        if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
-            printf("%s ","DISALLOW_TGT_BASED");
+       if (ticketflags & KRB5_KDB_DISALLOW_TGT_BASED)
+           printf("%s ","DISALLOW_TGT_BASED");
 
-        if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
-            printf("%s ","DISALLOW_ALL_TIX");
+       if (ticketflags & KRB5_KDB_DISALLOW_ALL_TIX)
+           printf("%s ","DISALLOW_ALL_TIX");
 
-        if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
-            printf("%s ","REQUIRES_PWCHANGE");
+       if (ticketflags & KRB5_KDB_REQUIRES_PWCHANGE)
+           printf("%s ","REQUIRES_PWCHANGE");
 
-        if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
-            printf("%s ","PWCHANGE_SERVICE");
+       if (ticketflags & KRB5_KDB_PWCHANGE_SERVICE)
+           printf("%s ","PWCHANGE_SERVICE");
 
-        printf("\n");
+       printf("\n");
     }
 
 
@@ -1910,36 +1870,36 @@ void kdb5_ldap_list(argc, argv)
     dal_handle = (kdb5_dal_handle *)util_context->db_context;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-        retval = EINVAL;
-        exit_status++; 
-        return;
+       retval = EINVAL;
+       exit_status++;
+       return;
     }
 
     /* Read the kerberos container information */
-    if ((retval = krb5_ldap_read_krbcontainer_params(util_context, 
-            &(ldap_context->krbcontainer))) != 0) {
-      com_err(argv[0], retval, "while reading kerberos container information");
-      exit_status++;
-      return;
+    if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+                                                    &(ldap_context->krbcontainer))) != 0) {
+       com_err(argv[0], retval, "while reading kerberos container information");
+       exit_status++;
+       return;
     }
-    
+
     retval = krb5_ldap_list_realm(util_context, &list);
     if (retval != 0) {
-        krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
+       krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
        ldap_context->krbcontainer = NULL;
-        com_err (argv[0], retval, "while listing realms");
-        exit_status++; 
-        return;
+       com_err (argv[0], retval, "while listing realms");
+       exit_status++;
+       return;
     }
     /* This is to handle the case of realm not present */
     if (list == NULL) {
-        krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
+       krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
        ldap_context->krbcontainer = NULL;
-        return;
+       return;
     }
-    
-    for(plist = list; *plist != NULL; plist++) {
-        printf("%s\n", *plist);
+
+    for (plist = list; *plist != NULL; plist++) {
+       printf("%s\n", *plist);
     }
     krb5_ldap_free_krbcontainer_params(ldap_context->krbcontainer);
     ldap_context->krbcontainer = NULL;
@@ -1951,7 +1911,7 @@ void kdb5_ldap_list(argc, argv)
 
 
 /*
- * This function creates service principals when 
+ * This function creates service principals when
  * creating the realm object.
  */
 static int
@@ -1973,32 +1933,32 @@ kdb_ldap_create_principal (context, princ, op, pblock)
     krb5_ldap_context *ldap_context=NULL;
 
     if ((pblock == NULL) || (context == NULL)) {
-        retval = EINVAL;
-        goto cleanup;
+       retval = EINVAL;
+       goto cleanup;
     }
     dal_handle = (kdb5_dal_handle *) context->db_context;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-        retval = EINVAL;
-        goto cleanup;
+       retval = EINVAL;
+       goto cleanup;
     }
 
     memset(&entry, 0, sizeof(entry));
-    
+
     tl_data = malloc(sizeof(*tl_data));
     if (tl_data == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
+       retval = ENOMEM;
+       goto cleanup;
     }
     memset(tl_data, 0, sizeof(*tl_data));
     tl_data->tl_data_length = 1 + 2 + 2 + 1 + 2 + 4;
     tl_data->tl_data_type = 7; /* KDB_TL_USER_INFO */
     curr = tl_data->tl_data_contents = malloc(tl_data->tl_data_length);
     if (tl_data->tl_data_contents == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
+       retval = ENOMEM;
+       goto cleanup;
     }
+
     memset(curr, 1, 1); /* Passing the mask as principal type */
     curr += 1;
     currlen = 2;
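Review bot: The two early `goto cleanup` exits (NULL `pblock`/`context`, then NULL `ldap_context`) run before `memset(&entry, 0, sizeof(entry));`, yet the `cleanup:` label later in the function calls `krb5_dbe_free_contents(context, &entry)`. Unless `entry` is zeroed at its declaration, which is outside this hunk, that call walks uninitialised pointers, and in the first case it may also be handed a NULL `context`. Moving `memset(&entry, 0, sizeof(entry));` above the first check, or replacing those two `goto cleanup` statements with `return EINVAL;`, removes the problem. The function's declarations and tail lie outside this hunk.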
@@ -2006,7 +1966,7 @@ kdb_ldap_create_principal (context, princ, op, pblock)
     curr += currlen;
     STORE16_INT(curr, princtype);
     curr += currlen;
-    
+
     mask |= KDB_PRINCIPAL;
     mask |= KDB_ATTRIBUTES ;
     mask |= KDB_MAX_LIFE ;
@@ -2025,29 +1985,28 @@ kdb_ldap_create_principal (context, princ, op, pblock)
        goto cleanup;
 
     /* Allocate memory for storing the key */
-    if ((entry.key_data = (krb5_key_data *) malloc( 
-                   (sizeof(krb5_key_data)*(entry.n_key_data + 1)))) == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
+    if ((entry.key_data = (krb5_key_data *) malloc(
+            (sizeof(krb5_key_data)*(entry.n_key_data + 1)))) == NULL) {
+       retval = ENOMEM;
+       goto cleanup;
     }
-    
+
     memset(entry.key_data + entry.n_key_data, 0, sizeof(krb5_key_data));
     entry.n_key_data++;
 
-    switch (op)
-    {
+    switch (op) {
     case TGT_KEY:
        retval = krb5_c_make_random_key(context, 16, &key) ;
-       if( retval ) {
+       if (retval) {
            goto cleanup;
        }
-       
+
        kvno = 1; /* New key is getting set */
-       retval = krb5_dbekd_encrypt_key_data(context, 
-                       &ldap_context->lrparams->mkey, 
-                       &key, NULL, kvno, 
-                       &entry.key_data[entry.n_key_data - 1]); 
-       if( retval ) {
+       retval = krb5_dbekd_encrypt_key_data(context,
+                                            &ldap_context->lrparams->mkey,
+                                            &key, NULL, kvno,
+                                            &entry.key_data[entry.n_key_data - 1]);
+       if (retval) {
            goto cleanup;
        }
        krb5_free_keyblock_contents(context, &key);
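Review bot: In the `TGT_KEY` case the freshly generated `key` is released only on the success path. When `krb5_dbekd_encrypt_key_data` fails, `goto cleanup` leaves the random key contents allocated, and the `cleanup:` label later in the function frees only `entry`. Adding `krb5_free_keyblock_contents(context, &key);` before that `goto cleanup` keeps the key material from outliving the error. Separately, the literal `16` passed to `krb5_c_make_random_key` is an enctype number (ENCTYPE_DES3_CBC_SHA1 in krb5.h) and would be easier to audit as the named constant. The function starts and ends outside this hunk.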
@@ -2056,9 +2015,9 @@ kdb_ldap_create_principal (context, princ, op, pblock)
     case MASTER_KEY:
        kvno = 1; /* New key is getting set */
        retval = krb5_dbekd_encrypt_key_data(context, pblock->key,
-                       &ldap_context->lrparams->mkey, NULL, kvno, 
-                       &entry.key_data[entry.n_key_data - 1]); 
-       if( retval ) {
+                                            &ldap_context->lrparams->mkey, NULL, kvno,
+                                            &entry.key_data[entry.n_key_data - 1]);
+       if (retval) {
            goto cleanup;
        }
        break;
@@ -2067,15 +2026,15 @@ kdb_ldap_create_principal (context, princ, op, pblock)
     default:
        break;
     } /* end of switch */
-    
+
     retval = krb5_ldap_put_principal(context, &entry, &nentry, NULL);
-    if( retval ) {
-        com_err(NULL, retval, "while adding entries to database");
-        goto cleanup;
+    if (retval) {
+       com_err(NULL, retval, "while adding entries to database");
+       goto cleanup;
     }
-    
- cleanup:
-    krb5_dbe_free_contents( context, &entry);
+
+cleanup:
+    krb5_dbe_free_contents(context, &entry);
     return retval;
 }
 
@@ -2097,14 +2056,14 @@ kdb5_ldap_destroy(argc, argv)
     int mask = 0;
     kdb5_dal_handle *dal_handle = NULL;
     krb5_ldap_context *ldap_context = NULL;
-#ifdef HAVE_EDIRECTORY    
+#ifdef HAVE_EDIRECTORY
     int i = 0, rightsmask = 0;
     krb5_ldap_realm_params *rparams = NULL;
 #endif
 
     optind = 1;
     while ((optchar = getopt(argc, argv, "f")) != -1) {
-       switch(optchar) {
+       switch (optchar) {
        case 'f':
            force++;
            break;
@@ -2133,31 +2092,31 @@ kdb5_ldap_destroy(argc, argv)
     dal_handle = (kdb5_dal_handle *)util_context->db_context;
     ldap_context = (krb5_ldap_context *) dal_handle->db_context;
     if (!(ldap_context)) {
-        com_err(argv[0], EINVAL, "while initializing database");
-        exit_status++;
-        return;
+       com_err(argv[0], EINVAL, "while initializing database");
+       exit_status++;
+       return;
     }
-    
+
     /* Read the kerberos container from the LDAP Server */
-    if ((retval = krb5_ldap_read_krbcontainer_params(util_context, 
-                     &(ldap_context->krbcontainer))) != 0) {
-        com_err(argv[0], retval, "while reading kerberos container information");
-        exit_status++;
-        return;
+    if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+                                                    &(ldap_context->krbcontainer))) != 0) {
+       com_err(argv[0], retval, "while reading kerberos container information");
+       exit_status++;
+       return;
     }
 
     /* Read the Realm information from the LDAP Server */
     if ((retval = krb5_ldap_read_realm_params(util_context, global_params.realm,
-                    &(ldap_context->lrparams), &mask)) != 0) {
-        com_err(argv[0], retval, "while reading realm information");
-        exit_status++;
-        return;
+                                             &(ldap_context->lrparams), &mask)) != 0) {
+       com_err(argv[0], retval, "while reading realm information");
+       exit_status++;
+       return;
     }
 
 #ifdef HAVE_EDIRECTORY
-    if(mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
-       (mask & LDAP_REALM_PASSWDSERVERS) ) {
-       
+    if ((mask & LDAP_REALM_KDCSERVERS) || (mask & LDAP_REALM_ADMINSERVERS) ||
+       (mask & LDAP_REALM_PASSWDSERVERS)) {
+
        printf("Changing rights for the service object. Please wait ... ");
        fflush(stdout);
 
@@ -2165,14 +2124,14 @@ kdb5_ldap_destroy(argc, argv)
        rightsmask = 0;
        rightsmask |= LDAP_REALM_RIGHTS;
        rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if ( (rparams != NULL) && (rparams->kdcservers != NULL) ) {
-           for ( i=0; (rparams->kdcservers[i] != NULL); i++) {
-               if((retval = krb5_ldap_delete_service_rights( util_context,
-                        LDAP_KDC_SERVICE, rparams->kdcservers[i], 
-                        rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+       if ((rparams != NULL) && (rparams->kdcservers != NULL)) {
+           for (i=0; (rparams->kdcservers[i] != NULL); i++) {
+               if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                             LDAP_KDC_SERVICE, rparams->kdcservers[i],
+                                                             rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
                    printf("failed\n");
                    com_err(argv[0], retval, "while assigning rights to '%s'",
-                        rparams->realm_name);
+                           rparams->realm_name);
                    return;
                }
            }
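Review bot: The failure branch of each `krb5_ldap_delete_service_rights` loop (this hunk and the next two, for admin and passwd servers) returns without `exit_status++`, so a run that fails to remove service rights still exits as success, unlike the other error paths in `kdb5_ldap_destroy`. The message also reads "while assigning rights" although the call removes them. I would add `exit_status++;` before each `return;` and change the text to `"while removing rights from '%s'"`. `rparams` is declared as NULL and the realm parameters are read into `ldap_context->lrparams`; no assignment to `rparams` is visible in these hunks, so confirm it is set before these guards, otherwise the loops never run.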
@@ -2180,14 +2139,14 @@ kdb5_ldap_destroy(argc, argv)
        rightsmask = 0;
        rightsmask |= LDAP_REALM_RIGHTS;
        rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if ( (rparams != NULL) && (rparams->adminservers != NULL) ) {
-           for ( i=0; (rparams->adminservers[i] != NULL); i++) {
-               if((retval = krb5_ldap_delete_service_rights( util_context,
-                        LDAP_ADMIN_SERVICE, rparams->adminservers[i], 
-                        rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+       if ((rparams != NULL) && (rparams->adminservers != NULL)) {
+           for (i=0; (rparams->adminservers[i] != NULL); i++) {
+               if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                             LDAP_ADMIN_SERVICE, rparams->adminservers[i],
+                                                             rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
                    printf("failed\n");
                    com_err(argv[0], retval, "while assigning rights to '%s'",
-                        rparams->realm_name);
+                           rparams->realm_name);
                    return;
                }
            }
@@ -2195,14 +2154,14 @@ kdb5_ldap_destroy(argc, argv)
        rightsmask = 0;
        rightsmask |= LDAP_REALM_RIGHTS;
        rightsmask |= LDAP_SUBTREE_RIGHTS;
-       if( (rparams != NULL) && (rparams->passwdservers != NULL) ) {
-           for ( i=0; (rparams->passwdservers[i] != NULL); i++) {
-               if((retval = krb5_ldap_delete_service_rights( util_context,
-                       LDAP_PASSWD_SERVICE, rparams->passwdservers[i], 
-                       rparams->realm_name, rparams->subtree, rightsmask )) != 0) {
+       if ((rparams != NULL) && (rparams->passwdservers != NULL)) {
+           for (i=0; (rparams->passwdservers[i] != NULL); i++) {
+               if ((retval = krb5_ldap_delete_service_rights(util_context,
+                                                             LDAP_PASSWD_SERVICE, rparams->passwdservers[i],
+                                                             rparams->realm_name, rparams->subtree, rightsmask)) != 0) {
                    printf("failed\n");
                    com_err(argv[0], retval, "while assigning rights to '%s'",
-                       rparams->realm_name);
+                           rparams->realm_name);
                    return;
                }
            }
@@ -2213,9 +2172,9 @@ kdb5_ldap_destroy(argc, argv)
     /* Delete the realm container and all the associated principals */
     retval = krb5_ldap_delete_realm(util_context, global_params.realm);
     if (retval) {
-        com_err(argv[0], retval, "deleting database of '%s'", global_params.realm);
-        exit_status++;
-        return;
+       com_err(argv[0], retval, "deleting database of '%s'", global_params.realm);
+       exit_status++;
+       return;
     }
 
     printf("** Database of '%s' destroyed.\n", global_params.realm);
index 1a0ea9ccb69566931bf5cab81a7180cb4b5ff373..59b684beb28c39f4f964f23ba0de8fef1c908ed7 100644 (file)
@@ -1,32 +1,32 @@
 /*
  * kadmin/ldap_util/kdb5_ldap_realm.h
  */
+
 /* Copyright (c) 2004-2005, Novell, Inc.
  * All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without 
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *   * Redistributions of source code must retain the above copyright notice,
  *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright 
- *       notice, this list of conditions and the following disclaimer in the 
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
  *       documentation and/or other materials provided with the distribution.
  *   * The copyright holder's name is not used to endorse or promote products
  *       derived from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE. 
+ * POSSIBILITY OF SUCH DAMAGE.
  */
 
 #define MAX_KRB_CONTAINER_LEN  256
index 1ce08feb28e8e8c9a7982257bfde178d84bd9378..783b44d68aee3987ad2b3d5b1c3ad290cbf9f22b 100644 (file)
@@ -5,28 +5,28 @@
 /* Copyright (c) 2004-2005, Novell, Inc.
  * All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without 
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *   * Redistributions of source code must retain the above copyright notice,
  *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright 
- *       notice, this list of conditions and the following disclaimer in the 
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
  *       documentation and/or other materials provided with the distribution.
  *   * The copyright holder's name is not used to endorse or promote products
  *       derived from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE. 
+ * POSSIBILITY OF SUCH DAMAGE.
  */
 
 /*
 #ifdef HAVE_EDIRECTORY
 
 krb5_error_code
-rem_service_entry_from_file( int argc,
-                            char *argv[],
-                            char *file_name,
-                            char *service_object );
+rem_service_entry_from_file(int argc,
+                           char *argv[],
+                           char *file_name,
+                           char *service_object);
 
 extern char *yes;
 extern krb5_boolean db_inited;
@@ -63,90 +63,86 @@ static int process_host_list(char **host_list, int servicetype)
 
     /* Protocol and port number processing */
     for (j = 0; host_list[j]; j++) {
-        /* Look for one hash */
-        if ((pchr = strchr(host_list[j], HOST_INFO_DELIMITER))) {
-            unsigned int hostname_len = pchr - host_list[j];
-
-            /* Check input for buffer overflow */
-            if (hostname_len >= MAX_LEN_LIST_ENTRY) {
-                retval = EINVAL;
-                goto cleanup;
-            }
-
-            /* First copy off the host name portion */
-            strncpy (host_str, host_list[j], hostname_len);
-
-            /* Parse for the protocol string and translate to number */
-            strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN);
-            if (!strcmp(proto_str, "udp"))
-                sprintf (proto_str, "%d", PROTOCOL_NUM_UDP);
-            else if (!strcmp(proto_str, "tcp"))
-                sprintf (proto_str, "%d", PROTOCOL_NUM_TCP);
-            else
-                proto_str[0] = '\0'; /* Make the string null if invalid */
-
-            /* Look for one more hash */
-            if ((pchr = strchr(pchr + 1, HOST_INFO_DELIMITER))) {
-                /* Parse for the port string and check if it is numeric */
-                strncpy (port_str, pchr + 1, PORT_STR_LEN);
-                if (!strtol(port_str, NULL, 10)) /* Not a valid number */
-                    port_str[0] = '\0';
-            }
-            else
-                port_str[0] = '\0';
-        }
-        else { /* We have only host name */
-            strncpy (host_str, host_list[j], MAX_LEN_LIST_ENTRY - 1);
-            proto_str[0] = '\0';
-            port_str[0] = '\0';
-        }
-
-        /* Now, based on service type, fill in suitable protocol
-           and port values if they are absent or not matching */
-        if (servicetype == LDAP_KDC_SERVICE) {
-            if (proto_str[0] == '\0')
-                sprintf (proto_str, "%d", PROTOCOL_DEFAULT_KDC);
-
-            if (port_str[0] == '\0')
-                sprintf (port_str, "%d", PORT_DEFAULT_KDC);
-        }
-        else if (servicetype == LDAP_ADMIN_SERVICE) {
-            if (proto_str[0] == '\0')
-                sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM);
-            else if (strcmp(proto_str, "1")) {
-                sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM);
-
-                /* Print warning message */
-                printf ("Admin Server supports only TCP protocol, hence setting that\n");
-            }
-
-            if (port_str[0] == '\0')
-                sprintf (port_str, "%d", PORT_DEFAULT_ADM);
-        }
-        else if (servicetype == LDAP_PASSWD_SERVICE) {
-            if (proto_str[0] == '\0')
-                sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD);
-            else if (strcmp(proto_str, "0")) {
-                sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD);
-
-                /* Print warning message */
-                printf ("Password Server supports only UDP protocol, hence setting that\n");
-            }
-
-            if (port_str[0] == '\0')
-                sprintf (port_str, "%d", PORT_DEFAULT_PWD);
-        }
-
-        /* Finally form back the string */
-        free (host_list[j]);
-        host_list[j] = (char*) malloc(sizeof(char) *
-                                      (strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1));
-        if (host_list[j] == NULL) {
-            retval = ENOMEM;
-            goto cleanup;
-        }
-        snprintf (host_list[j], strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1,
-                  "%s#%s#%s", host_str, proto_str, port_str);
+       /* Look for one hash */
+       if ((pchr = strchr(host_list[j], HOST_INFO_DELIMITER))) {
+           unsigned int hostname_len = pchr - host_list[j];
+
+           /* Check input for buffer overflow */
+           if (hostname_len >= MAX_LEN_LIST_ENTRY) {
+               retval = EINVAL;
+               goto cleanup;
+           }
+
+           /* First copy off the host name portion */
+           strncpy (host_str, host_list[j], hostname_len);
+
+           /* Parse for the protocol string and translate to number */
+           strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN);
+           if (!strcmp(proto_str, "udp"))
+               sprintf (proto_str, "%d", PROTOCOL_NUM_UDP);
+           else if (!strcmp(proto_str, "tcp"))
+               sprintf (proto_str, "%d", PROTOCOL_NUM_TCP);
+           else
+               proto_str[0] = '\0'; /* Make the string null if invalid */
+
+           /* Look for one more hash */
+           if ((pchr = strchr(pchr + 1, HOST_INFO_DELIMITER))) {
+               /* Parse for the port string and check if it is numeric */
+               strncpy (port_str, pchr + 1, PORT_STR_LEN);
+               if (!strtol(port_str, NULL, 10)) /* Not a valid number */
+                   port_str[0] = '\0';
+           } else
+               port_str[0] = '\0';
+       } else { /* We have only host name */
+           strncpy (host_str, host_list[j], MAX_LEN_LIST_ENTRY - 1);
+           proto_str[0] = '\0';
+           port_str[0] = '\0';
+       }
+
+       /* Now, based on service type, fill in suitable protocol
+          and port values if they are absent or not matching */
+       if (servicetype == LDAP_KDC_SERVICE) {
+           if (proto_str[0] == '\0')
+               sprintf (proto_str, "%d", PROTOCOL_DEFAULT_KDC);
+
+           if (port_str[0] == '\0')
+               sprintf (port_str, "%d", PORT_DEFAULT_KDC);
+       } else if (servicetype == LDAP_ADMIN_SERVICE) {
+           if (proto_str[0] == '\0')
+               sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM);
+           else if (strcmp(proto_str, "1")) {
+               sprintf (proto_str, "%d", PROTOCOL_DEFAULT_ADM);
+
+               /* Print warning message */
+               printf ("Admin Server supports only TCP protocol, hence setting that\n");
+           }
+
+           if (port_str[0] == '\0')
+               sprintf (port_str, "%d", PORT_DEFAULT_ADM);
+       } else if (servicetype == LDAP_PASSWD_SERVICE) {
+           if (proto_str[0] == '\0')
+               sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD);
+           else if (strcmp(proto_str, "0")) {
+               sprintf (proto_str, "%d", PROTOCOL_DEFAULT_PWD);
+
+               /* Print warning message */
+               printf ("Password Server supports only UDP protocol, hence setting that\n");
+           }
+
+           if (port_str[0] == '\0')
+               sprintf (port_str, "%d", PORT_DEFAULT_PWD);
+       }
+
+       /* Finally form back the string */
+       free (host_list[j]);
+       host_list[j] = (char*) malloc(sizeof(char) *
+                                     (strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1));
+       if (host_list[j] == NULL) {
+           retval = ENOMEM;
+           goto cleanup;
+       }
+       snprintf (host_list[j], strlen(host_str) + strlen(proto_str) + strlen(port_str) + 2 + 1,
+                 "%s#%s#%s", host_str, proto_str, port_str);
     }
 
 cleanup:
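Review bot: `strncpy (host_str, host_list[j], hostname_len);` never writes a terminator, because the source still has the `#` and more text beyond `hostname_len`. `host_str` therefore keeps the tail of a longer name from an earlier iteration, or whatever the buffer held at entry, since its declaration is outside this hunk. Add `host_str[hostname_len] = '\0';` right after the copy. The `proto_str` and `port_str` copies need the same treatment, since `strncpy (proto_str, pchr + 1, PROTOCOL_STR_LEN)` also copies the `#port` suffix and can fill the buffer before `strcmp` reads it; copying only up to the next delimiter and terminating explicitly would fix both. The port check `!strtol(port_str, NULL, 10)` accepts trailing garbage and negative values, so an `endptr` test plus a 1–65535 range check would be stricter. The function's declarations are outside this hunk.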
@@ -158,7 +154,7 @@ cleanup:
  * Given a realm name, this function will convert it to a DN by appending the
  * Kerberos container location.
  */
-static krb5_error_code 
+static krb5_error_code
 convert_realm_name2dn_list(list, krbcontainer_loc)
     char **list;
     const char *krbcontainer_loc;
@@ -169,24 +165,24 @@ convert_realm_name2dn_list(list, krbcontainer_loc)
     int i = 0;
 
     if (list == NULL) {
-        return EINVAL;
+       return EINVAL;
     }
 
     for (i = 0; (list[i] != NULL) && (i < MAX_LIST_ENTRIES); i++) {
-        /* Restrict copying to max. length to avoid buffer overflow */
-        snprintf (temp_str, MAX_DN_CHARS, "cn=%s,%s", list[i], krbcontainer_loc);
+       /* Restrict copying to max. length to avoid buffer overflow */
+       snprintf (temp_str, MAX_DN_CHARS, "cn=%s,%s", list[i], krbcontainer_loc);
 
-        /* Make copy of string to temporary node */
-        temp_node = strdup(temp_str);
-        if (list[i] == NULL) {
-            retval = ENOMEM;
-            goto cleanup;
-        }
+       /* Make copy of string to temporary node */
+       temp_node = strdup(temp_str);
+       if (list[i] == NULL) {
+           retval = ENOMEM;
+           goto cleanup;
+       }
 
-        /* On success, free list node and attach new one */
-        free (list[i]);
-        list[i] = temp_node;
-        temp_node = NULL;
+       /* On success, free list node and attach new one */
+       free (list[i]);
+       list[i] = temp_node;
+       temp_node = NULL;
     }
 
 cleanup:
@@ -195,16 +191,16 @@ cleanup:
 
 
 /*
- * This function will create a service object on the LDAP Server, with the 
+ * This function will create a service object on the LDAP Server, with the
  * specified attributes.
  */
 void kdb5_ldap_create_service(argc, argv)
-   int argc;
-   char *argv[];
+    int argc;
+    char *argv[];
 {
     char *me = argv[0];
     krb5_error_code retval = 0;
-    krb5_ldap_service_params *srvparams = NULL; 
+    krb5_ldap_service_params *srvparams = NULL;
     krb5_boolean print_usage = FALSE;
     krb5_boolean no_msg = FALSE;
     int mask = 0;
@@ -222,15 +218,15 @@ void kdb5_ldap_create_service(argc, argv)
 
     /* Check for number of arguments */
     if ((argc < 3) || (argc > 10)) {
-        exit_status++;
+       exit_status++;
        goto err_usage;
     }
 
     /* Allocate memory for service parameters structure */
     srvparams = (krb5_ldap_service_params*) calloc(1, sizeof(krb5_ldap_service_params));
     if (srvparams == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
+       retval = ENOMEM;
+       goto cleanup;
     }
 
     dal_handle = (kdb5_dal_handle *) util_context->db_context;
@@ -241,168 +237,160 @@ void kdb5_ldap_create_service(argc, argv)
        of arguments */
     extra_argv = (char **) calloc((unsigned int)argc, sizeof(char*));
     if (extra_argv == NULL) {
-        retval = ENOMEM;
-        goto cleanup;
+       retval = ENOMEM;
+       goto cleanup;
     }
 
     /* Set first of the extra arguments as the program name */
     extra_argv[0] = me;
     extra_argc++;
 
-    /* Read Kerberos container info, to construct realm DN from name 
+    /* Read Kerberos container info, to construct realm DN from name
      * and for assigning rights
      */
-    if ((retval = krb5_ldap_read_krbcontainer_params(util_context, 
-                       &(ldap_context->krbcontainer)))) {
-        com_err(me, retval, "while reading Kerberos container information");
-        goto cleanup;
+    if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+                                                    &(ldap_context->krbcontainer)))) {
+       com_err(me, retval, "while reading Kerberos container information");
+       goto cleanup;
     }
 
     /* Parse all arguments */
     for (i = 1; i < argc; i++) {
-        if (!strcmp(argv[i], "-kdc")) {
-            srvparams->servicetype = LDAP_KDC_SERVICE;
-        }
-        else if (!strcmp(argv[i], "-admin")) {
-            srvparams->servicetype = LDAP_ADMIN_SERVICE;
-        }
-        else if (!strcmp(argv[i], "-pwd")) {
-            srvparams->servicetype = LDAP_PASSWD_SERVICE;
-        }
-        else if (!strcmp(argv[i], "-servicehost")) {
-            if (++i > argc - 1)
-                goto err_usage;
-
-            srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
-                                               sizeof(char *));
-            if (srvparams->krbhostservers == NULL) {
-                retval = ENOMEM;
-                goto cleanup;
-            }
-
-            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
-                                srvparams->krbhostservers))) {
-                goto cleanup; 
-            }
-
-            if ((retval = process_host_list (srvparams->krbhostservers, 
-                               srvparams->servicetype))) {
-                goto cleanup;
-            }
-
-            mask |= LDAP_SERVICE_HOSTSERVER;
-        }
-        else if (!strcmp(argv[i], "-realm")) {
-            if (++i > argc - 1)
-                goto err_usage;
-
-            srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
-                                                sizeof(char *));
-            if (srvparams->krbrealmreferences == NULL) {
-                retval = ENOMEM;
-                goto cleanup;
-            }
-
-            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, 
-                               srvparams->krbrealmreferences))) {
-                goto cleanup; 
-            }
-
-            /* Convert realm names to realm DNs */
-            if ((retval = convert_realm_name2dn_list(
-                               srvparams->krbrealmreferences, 
-                               ldap_context->krbcontainer->DN))) {
-                goto cleanup; 
-            }
-
-            mask |= LDAP_SERVICE_REALMREFERENCE;
-        }
-        /* If argument is none of the above and beginning with '-',
-         * it must be related to password -- collect it
-         * to pass onto kdb5_ldap_set_service_password() 
-         */
-        else if (*(argv[i]) == '-') {
-            /* Checking for options of setting the password for the 
-             * service (by using 'setsrvpw') is not modular. --need to
-             * have a common function that can be shared with 'setsrvpw' 
-             */
-            if (!strcmp(argv[i], "-randpw")) {
-                extra_argv[extra_argc] = argv[i];
-                extra_argc++;
-            }
-            else if (!strcmp(argv[i], "-fileonly")) {
-                extra_argv[extra_argc] = argv[i];
-                extra_argc++;
-            }
-            /* For '-f' option alone, pick up the following argument too */
-            else if (!strcmp(argv[i], "-f")) {
-                extra_argv[extra_argc] = argv[i];
-                extra_argc++;
-
-                if (++i > argc - 1)
-                    goto err_usage;
-
-                extra_argv[extra_argc] = argv[i];
-                extra_argc++;
-            }
-            else { /* Any other option is invalid */
-                exit_status++;
-                goto err_usage;
-            }
-        }
-        else { /* Any other argument must be service DN */
-            /* First check if service DN is already provided --
-             * if so, there's a usage error 
-             */
-            if (srvparams->servicedn != NULL) {
-               com_err(me, EINVAL, "while creating service object");
-                goto err_usage;
-            }
-
-            /* If not present already, fill up service DN */
-            srvparams->servicedn = strdup(argv[i]);
-            if (srvparams->servicedn == NULL) {
-               com_err(me, ENOMEM, "while creating service object");
-                goto err_nomsg;
-            }
-        }
+       if (!strcmp(argv[i], "-kdc")) {
+           srvparams->servicetype = LDAP_KDC_SERVICE;
+       } else if (!strcmp(argv[i], "-admin")) {
+           srvparams->servicetype = LDAP_ADMIN_SERVICE;
+       } else if (!strcmp(argv[i], "-pwd")) {
+           srvparams->servicetype = LDAP_PASSWD_SERVICE;
+       } else if (!strcmp(argv[i], "-servicehost")) {
+           if (++i > argc - 1)
+               goto err_usage;
+
+           srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
+                                                       sizeof(char *));
+           if (srvparams->krbhostservers == NULL) {
+               retval = ENOMEM;
+               goto cleanup;
+           }
+
+           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                         srvparams->krbhostservers))) {
+               goto cleanup;
+           }
+
+           if ((retval = process_host_list (srvparams->krbhostservers,
+                                            srvparams->servicetype))) {
+               goto cleanup;
+           }
+
+           mask |= LDAP_SERVICE_HOSTSERVER;
+       } else if (!strcmp(argv[i], "-realm")) {
+           if (++i > argc - 1)
+               goto err_usage;
+
+           srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
+                                                           sizeof(char *));
+           if (srvparams->krbrealmreferences == NULL) {
+               retval = ENOMEM;
+               goto cleanup;
+           }
+
+           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                         srvparams->krbrealmreferences))) {
+               goto cleanup;
+           }
+
+           /* Convert realm names to realm DNs */
+           if ((retval = convert_realm_name2dn_list(
+                    srvparams->krbrealmreferences,
+                    ldap_context->krbcontainer->DN))) {
+               goto cleanup;
+           }
+
+           mask |= LDAP_SERVICE_REALMREFERENCE;
+       }
+       /* If argument is none of the above and beginning with '-',
+        * it must be related to password -- collect it
+        * to pass onto kdb5_ldap_set_service_password()
+        */
+       else if (*(argv[i]) == '-') {
+           /* Checking for options of setting the password for the
+            * service (by using 'setsrvpw') is not modular. --need to
+            * have a common function that can be shared with 'setsrvpw'
+            */
+           if (!strcmp(argv[i], "-randpw")) {
+               extra_argv[extra_argc] = argv[i];
+               extra_argc++;
+           } else if (!strcmp(argv[i], "-fileonly")) {
+               extra_argv[extra_argc] = argv[i];
+               extra_argc++;
+           }
+           /* For '-f' option alone, pick up the following argument too */
+           else if (!strcmp(argv[i], "-f")) {
+               extra_argv[extra_argc] = argv[i];
+               extra_argc++;
+
+               if (++i > argc - 1)
+                   goto err_usage;
+
+               extra_argv[extra_argc] = argv[i];
+               extra_argc++;
+           } else { /* Any other option is invalid */
+               exit_status++;
+               goto err_usage;
+           }
+       } else { /* Any other argument must be service DN */
+           /* First check if service DN is already provided --
+            * if so, there's a usage error
+            */
+           if (srvparams->servicedn != NULL) {
+               com_err(me, EINVAL, "while creating service object");
+               goto err_usage;
+           }
+
+           /* If not present already, fill up service DN */
+           srvparams->servicedn = strdup(argv[i]);
+           if (srvparams->servicedn == NULL) {
+               com_err(me, ENOMEM, "while creating service object");
+               goto err_nomsg;
+           }
+       }
     }
 
     /* No point in proceeding further if service DN value is not available */
     if (srvparams->servicedn == NULL) {
        com_err(me, EINVAL, "while creating service object");
-        goto err_usage;
+       goto err_usage;
     }
 
     if (srvparams->servicetype == 0) { /* Not provided and hence not set */
        com_err(me, EINVAL, "while creating service object");
-        goto err_usage;
+       goto err_usage;
     }
 
     /* Create object with all attributes provided */
     if ((retval = krb5_ldap_create_service(util_context, srvparams, mask)))
-        goto cleanup;
+       goto cleanup;
 
     service_obj_created = TRUE;
 
-    /* ** NOTE ** srvparams structure should not be modified, as it is 
+    /* ** NOTE ** srvparams structure should not be modified, as it is
      * used for deletion of the service object in case of any failures
      * from now on.
      */
 
     /* Set password too */
     if (extra_argc >= 1) {
-      /* Set service DN as the last argument */
-      extra_argv[extra_argc] = strdup(srvparams->servicedn);
-      extra_argc++;
-      
-      if( (retval = kdb5_ldap_set_service_password(extra_argc, extra_argv)) != 0 )
-       {
-         goto err_nomsg;
+       /* Set service DN as the last argument */
+       extra_argv[extra_argc] = strdup(srvparams->servicedn);
+       extra_argc++;
+
+       if ((retval = kdb5_ldap_set_service_password(extra_argc, extra_argv)) != 0) {
+           goto err_nomsg;
        }
     }
     /* Rights assignment */
-    if( mask & LDAP_SERVICE_REALMREFERENCE ) {
+    if (mask & LDAP_SERVICE_REALMREFERENCE) {
 
        printf("%s","Changing rights for the service object. Please wait ... ");
        fflush(stdout);
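Review bot: In the "Set password too" block the result of `strdup(srvparams->servicedn)` is stored in `extra_argv[extra_argc]` and passed on without a NULL check, so on allocation failure kdb5_ldap_set_service_password() receives a NULL service DN as its last argument. Add `if (extra_argv[extra_argc] == NULL) { retval = ENOMEM; goto cleanup; }` before `extra_argc++`. The copy is also never released, because the cleanup code later in the function frees only the `extra_argv` array; free that element there as well. Separately, `process_host_list()` is called with whatever `srvparams->servicetype` holds when `-servicehost` is parsed, so the protocol and port defaults are applied only if `-kdc`, `-admin` or `-pwd` came earlier on the command line; a comment stating that ordering requirement, or moving the call after the loop, would make this explicit. The function starts and ends outside this hunk.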
@@ -411,40 +399,40 @@ void kdb5_ldap_create_service(argc, argv)
        rightsmask |= LDAP_REALM_RIGHTS;
        rightsmask |= LDAP_SUBTREE_RIGHTS;
 
-       if( (srvparams != NULL) && (srvparams->krbrealmreferences != NULL) ) {
-           for ( i=0; (srvparams->krbrealmreferences[i] != NULL); i++) {
-               
+       if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) {
+           for (i=0; (srvparams->krbrealmreferences[i] != NULL); i++) {
+
                /* Get the realm name, not the dn */
                temprdns = ldap_explode_dn(srvparams->krbrealmreferences[i], 1);
-               
-               if( temprdns[0] == NULL ) {
+
+               if (temprdns[0] == NULL) {
                    retval = EINVAL;
                    goto cleanup;
                }
-               
+
                realmName = strdup(temprdns[0]);
-               if( realmName == NULL ) {
+               if (realmName == NULL) {
                    retval = ENOMEM;
                    goto cleanup;
                }
 
-               if((retval = krb5_ldap_read_realm_params(util_context, 
-                               realmName, &rparams, &rmask))) {
+               if ((retval = krb5_ldap_read_realm_params(util_context,
+                                                         realmName, &rparams, &rmask))) {
                    com_err(me, retval, "while reading information of realm '%s'",
-                                realmName);
+                           realmName);
                    goto cleanup;
                }
-               
-               if((retval = krb5_ldap_add_service_rights(util_context, 
-                       srvparams->servicetype, srvparams->servicedn, 
-                       realmName, rparams->subtree, rightsmask))) {
+
+               if ((retval = krb5_ldap_add_service_rights(util_context,
+                                                          srvparams->servicetype, srvparams->servicedn,
+                                                          realmName, rparams->subtree, rightsmask))) {
                    printf("failed\n");
                    com_err(me, retval, "while assigning rights '%s'",
-                       srvparams->servicedn);
+                           srvparams->servicedn);
                    goto cleanup;
                }
-               
-               if( rparams )
+
+               if (rparams)
                    krb5_ldap_free_realm_params(rparams);
            }
        }
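Review bot: The return value of `ldap_explode_dn()` is dereferenced as `temprdns[0]` without first checking `temprdns` itself; the call returns NULL when the DN cannot be parsed, so a malformed realm reference would crash the tool at this test. The condition should be `if (temprdns == NULL || temprdns[0] == NULL) {`. Within the visible loop `temprdns` is never released with `ldap_value_free()` and `realmName` is overwritten by a fresh `strdup()` on every iteration, so each pass leaks both unless they are freed at the end of the loop body next to `rparams`. The error branches jump to cleanup with `rparams` still allocated, and whether cleanup releases it is not visible here. The enclosing function starts and ends outside this hunk.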
@@ -460,37 +448,36 @@ err_nomsg:
 
 cleanup:
 
-    if ((retval != 0) && (service_obj_created == TRUE))
-    {
-      /* This is for deleting the service object if something goes 
-       * wrong in creating the service object 
-       */
+    if ((retval != 0) && (service_obj_created == TRUE)) {
+       /* This is for deleting the service object if something goes
+        * wrong in creating the service object
+        */
 
-      /* srvparams is populated from the user input and should be correct as
-       * we were successful in creating a service object. Reusing the same 
-       */
-      krb5_ldap_delete_service(util_context, srvparams, srvparams->servicedn);
+       /* srvparams is populated from the user input and should be correct as
+        * we were successful in creating a service object. Reusing the same
+        */
+       krb5_ldap_delete_service(util_context, srvparams, srvparams->servicedn);
     }
-    
+
     /* Clean-up structure */
     krb5_ldap_free_service (util_context, srvparams);
 
     if (extra_argv) {
-        free (extra_argv);
-        extra_argv = NULL;
+       free (extra_argv);
+       extra_argv = NULL;
     }
-    if ( realmName ) {
+    if (realmName) {
        free(realmName);
        realmName = NULL;
     }
     if (print_usage)
-        db_usage (CREATE_SERVICE);
+       db_usage (CREATE_SERVICE);
 
     if (retval) {
-        if (!no_msg)
-            com_err(me, retval, "while creating service object");
+       if (!no_msg)
+           com_err(me, retval, "while creating service object");
 
-        exit_status++;
+       exit_status++;
     }
 
     return;
@@ -502,8 +489,8 @@ cleanup:
  * object on the LDAP Server
  */
 void kdb5_ldap_modify_service(argc, argv)
-   int argc;
-   char *argv[];
+    int argc;
+    char *argv[];
 {
     char *me = argv[0];
     krb5_error_code retval = 0;
@@ -530,8 +517,8 @@ void kdb5_ldap_modify_service(argc, argv)
 
     /* Check for number of arguments */
     if ((argc < 3) || (argc > 10)) {
-        exit_status++;
-        goto err_usage;
+       exit_status++;
+       goto err_usage;
     }
 
     dal_handle = (kdb5_dal_handle *) util_context->db_context;
@@ -539,380 +526,366 @@ void kdb5_ldap_modify_service(argc, argv)
 
     /* Parse all arguments, only to pick up service DN (Pass 1) */
     for (i = 1; i < argc; i++) {
-        /* Skip arguments next to 'servicehost'
-           and 'realmdn' arguments */
-        if (!strcmp(argv[i], "-servicehost")) {
-            ++i;
-        }
-        else if (!strcmp(argv[i], "-clearservicehost")) {
-            ++i;
-        }
-        else if (!strcmp(argv[i], "-addservicehost")) {
-            ++i;
-        }
-        else if (!strcmp(argv[i], "-realm")) {
-            ++i;
-        }
-        else if (!strcmp(argv[i], "-clearrealm")) {
-            ++i;
-        }
-        else if (!strcmp(argv[i], "-addrealm")) {
-            ++i;
-        }
-        else { /* Any other argument must be service DN */
-            /* First check if service DN is already provided --
-               if so, there's a usage error */
-            if (servicedn != NULL) {
-               com_err(me, EINVAL, "while modifying service object");
-                goto err_usage;
-            }
-
-            /* If not present already, fill up service DN */
-            servicedn = strdup(argv[i]);
-            if (servicedn == NULL) {
-               com_err(me, ENOMEM, "while modifying service object");
-                goto err_nomsg;
-            }
+       /* Skip arguments next to 'servicehost'
+          and 'realmdn' arguments */
+       if (!strcmp(argv[i], "-servicehost")) {
+           ++i;
+       } else if (!strcmp(argv[i], "-clearservicehost")) {
+           ++i;
+       } else if (!strcmp(argv[i], "-addservicehost")) {
+           ++i;
+       } else if (!strcmp(argv[i], "-realm")) {
+           ++i;
+       } else if (!strcmp(argv[i], "-clearrealm")) {
+           ++i;
+       } else if (!strcmp(argv[i], "-addrealm")) {
+           ++i;
+       } else { /* Any other argument must be service DN */
+           /* First check if service DN is already provided --
+              if so, there's a usage error */
+           if (servicedn != NULL) {
+               com_err(me, EINVAL, "while modifying service object");
+               goto err_usage;
+           }
+
+           /* If not present already, fill up service DN */
+           servicedn = strdup(argv[i]);
+           if (servicedn == NULL) {
+               com_err(me, ENOMEM, "while modifying service object");
+               goto err_nomsg;
+           }
        }
     }
 
     /* No point in proceeding further if service DN value is not available */
     if (servicedn == NULL) {
        com_err(me, EINVAL, "while modifying service object");
-        goto err_usage;
+       goto err_usage;
     }
 
     retval = krb5_ldap_read_service(util_context, servicedn, &srvparams, &in_mask);
     if (retval) {
-        com_err(argv[0], retval, "while reading information of service '%s'",
+       com_err(argv[0], retval, "while reading information of service '%s'",
                servicedn);
-        goto err_nomsg;
+       goto err_nomsg;
     }
 
     /* Read Kerberos container info, to construct realm DN from name
      * and for assigning rights
      */
     if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
-                &(ldap_context->krbcontainer)))) {
-        com_err(me, retval, "while reading Kerberos container information");
-        goto cleanup;
+                                                    &(ldap_context->krbcontainer)))) {
+       com_err(me, retval, "while reading Kerberos container information");
+       goto cleanup;
     }
 
     /* Parse all arguments, but skip the service DN (Pass 2) */
     for (i = 1; i < argc; i++) {
-        if (!strcmp(argv[i], "-servicehost")) {
-            if (++i > argc - 1)
-                goto err_usage;
-
-            /* Free the old list if available */
-            if (srvparams->krbhostservers) {
-                krb5_free_list_entries (srvparams->krbhostservers);
-                free (srvparams->krbhostservers);
-            }
-
-            srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
-                                                sizeof(char *));
-            if (srvparams->krbhostservers == NULL) {
-                retval = ENOMEM;
-                goto cleanup;
-            }
-
-            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, 
-                               srvparams->krbhostservers))) {
-                goto cleanup; 
-            }
-
-            if ((retval = process_host_list (srvparams->krbhostservers,
-                               srvparams->servicetype))) {
-                goto cleanup; 
-            }
-
-            out_mask |= LDAP_SERVICE_HOSTSERVER;
-
-            /* Set flag to ignore 'add' and 'clear' */
-            srvhost_flag = 1;
-        }
-        else if (!strcmp(argv[i], "-clearservicehost")) {
-            if (++i > argc - 1)
-                goto err_usage;
-
-            if (!srvhost_flag) {
-                /* If attribute doesn't exist, don't permit 'clear' option */
-                if ((in_mask & LDAP_SERVICE_HOSTSERVER) == 0) {
-                    /* Send out some proper error message here */
+       if (!strcmp(argv[i], "-servicehost")) {
+           if (++i > argc - 1)
+               goto err_usage;
+
+           /* Free the old list if available */
+           if (srvparams->krbhostservers) {
+               krb5_free_list_entries (srvparams->krbhostservers);
+               free (srvparams->krbhostservers);
+           }
+
+           srvparams->krbhostservers = (char **)calloc(MAX_LIST_ENTRIES,
+                                                       sizeof(char *));
+           if (srvparams->krbhostservers == NULL) {
+               retval = ENOMEM;
+               goto cleanup;
+           }
+
+           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                         srvparams->krbhostservers))) {
+               goto cleanup;
+           }
+
+           if ((retval = process_host_list (srvparams->krbhostservers,
+                                            srvparams->servicetype))) {
+               goto cleanup;
+           }
+
+           out_mask |= LDAP_SERVICE_HOSTSERVER;
+
+           /* Set flag to ignore 'add' and 'clear' */
+           srvhost_flag = 1;
+       } else if (!strcmp(argv[i], "-clearservicehost")) {
+           if (++i > argc - 1)
+               goto err_usage;
+
+           if (!srvhost_flag) {
+               /* If attribute doesn't exist, don't permit 'clear' option */
+               if ((in_mask & LDAP_SERVICE_HOSTSERVER) == 0) {
+                   /* Send out some proper error message here */
                    com_err(me, EINVAL, "service host list is empty\n");
-                    goto err_nomsg;
-                }
-
-                /* Allocate list for processing */
-                list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                if (list == NULL) {
-                    retval = ENOMEM;
-                    goto cleanup;
-                }
-
-                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
-                    goto cleanup;
-
-                if ((retval = process_host_list (list, srvparams->servicetype))) {
-                    goto cleanup; 
-                }
-
-                list_modify_str_array(&(srvparams->krbhostservers), 
-                       (const char**)list, LIST_MODE_DELETE);
-
-                out_mask |= LDAP_SERVICE_HOSTSERVER;
-
-                /* Clean up */
-                free (list);
-                list = NULL;
-            }
-        }
-        else if (!strcmp(argv[i], "-addservicehost")) {
-            if (++i > argc - 1)
-                goto err_usage;
-
-            if (!srvhost_flag) {
-                /* Allocate list for processing */
-                list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                if (list == NULL) {
-                    retval = ENOMEM;
-                    goto cleanup;
-                }
-
-                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
-                    goto cleanup;
-
-                if ((retval = process_host_list (list, srvparams->servicetype))) {
-                    goto cleanup; 
-                }
-
-                /* Call list_modify_str_array() only if host server attribute 
-                 * exists already --Actually, it's better to handle this 
+                   goto err_nomsg;
+               }
+
+               /* Allocate list for processing */
+               list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+               if (list == NULL) {
+                   retval = ENOMEM;
+                   goto cleanup;
+               }
+
+               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+                   goto cleanup;
+
+               if ((retval = process_host_list (list, srvparams->servicetype))) {
+                   goto cleanup;
+               }
+
+               list_modify_str_array(&(srvparams->krbhostservers),
+                                     (const char**)list, LIST_MODE_DELETE);
+
+               out_mask |= LDAP_SERVICE_HOSTSERVER;
+
+               /* Clean up */
+               free (list);
+               list = NULL;
+           }
+       } else if (!strcmp(argv[i], "-addservicehost")) {
+           if (++i > argc - 1)
+               goto err_usage;
+
+           if (!srvhost_flag) {
+               /* Allocate list for processing */
+               list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+               if (list == NULL) {
+                   retval = ENOMEM;
+                   goto cleanup;
+               }
+
+               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+                   goto cleanup;
+
+               if ((retval = process_host_list (list, srvparams->servicetype))) {
+                   goto cleanup;
+               }
+
+               /* Call list_modify_str_array() only if host server attribute
+                * exists already --Actually, it's better to handle this
                 * within list_modify_str_array()
                 */
-                if (in_mask & LDAP_SERVICE_HOSTSERVER) {
-                    /* Re-size existing list */
-                    existing_entries = list_count_str_array(srvparams->krbhostservers);
-                    new_entries = list_count_str_array(list);
-                    temp_ptr = (char **) realloc(srvparams->krbhostservers, 
-                               sizeof(char *) * (existing_entries + new_entries + 1));
-                    if (temp_ptr == NULL) {
-                        retval = ENOMEM;
-                        goto cleanup;
-                    }
-                    srvparams->krbhostservers = temp_ptr;
-
-                    list_modify_str_array(&(srvparams->krbhostservers), 
-                       (const char**)list, LIST_MODE_ADD);
-
-                    /* Clean up */
-                    free (list);
-                    list = NULL;
-               }
-                else
-                    srvparams->krbhostservers = list;
-
-                out_mask |= LDAP_SERVICE_HOSTSERVER;
-            }
-        }
-        else if (!strcmp(argv[i], "-realm")) {
-            if (++i > argc - 1)
-                goto err_usage; 
-
-            if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences)) {
-                if (!oldrealmrefs) {
-                   /* Store the old realm list for removing rights */
-                   oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                   if (oldrealmrefs == NULL) {
-                       retval = ENOMEM;
-                       goto cleanup;
-                   }
-           
+               if (in_mask & LDAP_SERVICE_HOSTSERVER) {
+                   /* Re-size existing list */
+                   existing_entries = list_count_str_array(srvparams->krbhostservers);
+                   new_entries = list_count_str_array(list);
+                   temp_ptr = (char **) realloc(srvparams->krbhostservers,
+                                                sizeof(char *) * (existing_entries + new_entries + 1));
+                   if (temp_ptr == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
+                   srvparams->krbhostservers = temp_ptr;
+
+                   list_modify_str_array(&(srvparams->krbhostservers),
+                                         (const char**)list, LIST_MODE_ADD);
+
+                   /* Clean up */
+                   free (list);
+                   list = NULL;
+               } else
+                   srvparams->krbhostservers = list;
+
+               out_mask |= LDAP_SERVICE_HOSTSERVER;
+           }
+       } else if (!strcmp(argv[i], "-realm")) {
+           if (++i > argc - 1)
+               goto err_usage;
+
+           if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences)) {
+               if (!oldrealmrefs) {
+                   /* Store the old realm list for removing rights */
+                   oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                   if (oldrealmrefs == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
+
                    for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
-                       oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
-                       if (oldrealmrefs[j] == NULL) {
+                       oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+                       if (oldrealmrefs[j] == NULL) {
                            retval = ENOMEM;
                            goto cleanup;
-                       }
+                       }
                    }
                    oldrealmrefs[j] = NULL;
-               }
-
-                /* Free the old list if available */
-                krb5_free_list_entries (srvparams->krbrealmreferences);
-                free (srvparams->krbrealmreferences);
-            }
-
-            srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
-                        sizeof(char *));
-            if (srvparams->krbrealmreferences == NULL) {
-                retval = ENOMEM;
-                goto cleanup;
-            }
-
-            if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, 
-                       srvparams->krbrealmreferences))) {
-               goto cleanup; 
-            }
-
-            /* Convert realm names to realm DNs */
-            if ((retval = convert_realm_name2dn_list(
-                       srvparams->krbrealmreferences, 
-                       ldap_context->krbcontainer->DN))) {
-                goto cleanup; 
-            }
-
-            out_mask |= LDAP_SERVICE_REALMREFERENCE;
-
-            /* Set flag to ignore 'add' and 'clear' */
-            realmdn_flag = 1;
-        }
-        else if (!strcmp(argv[i], "-clearrealm")) {
-            if (++i > argc - 1)
-                goto err_usage;
-
-            if (!realmdn_flag) {
-                /* If attribute doesn't exist, don't permit 'clear' option */
-                if (((in_mask & LDAP_SERVICE_REALMREFERENCE) == 0) || (srvparams->krbrealmreferences == NULL)) {
-                    /* Send out some proper error message here */
-                    goto err_nomsg;
-                }
-
-                if (!oldrealmrefs) {
+               }
+
+               /* Free the old list if available */
+               krb5_free_list_entries (srvparams->krbrealmreferences);
+               free (srvparams->krbrealmreferences);
+           }
+
+           srvparams->krbrealmreferences = (char **)calloc(MAX_LIST_ENTRIES,
+                                                           sizeof(char *));
+           if (srvparams->krbrealmreferences == NULL) {
+               retval = ENOMEM;
+               goto cleanup;
+           }
+
+           if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER,
+                                         srvparams->krbrealmreferences))) {
+               goto cleanup;
+           }
+
+           /* Convert realm names to realm DNs */
+           if ((retval = convert_realm_name2dn_list(
+                    srvparams->krbrealmreferences,
+                    ldap_context->krbcontainer->DN))) {
+               goto cleanup;
+           }
+
+           out_mask |= LDAP_SERVICE_REALMREFERENCE;
+
+           /* Set flag to ignore 'add' and 'clear' */
+           realmdn_flag = 1;
+       } else if (!strcmp(argv[i], "-clearrealm")) {
+           if (++i > argc - 1)
+               goto err_usage;
+
+           if (!realmdn_flag) {
+               /* If attribute doesn't exist, don't permit 'clear' option */
+               if (((in_mask & LDAP_SERVICE_REALMREFERENCE) == 0) || (srvparams->krbrealmreferences == NULL)) {
+                   /* Send out some proper error message here */
+                   goto err_nomsg;
+               }
+
+               if (!oldrealmrefs) {
                    /* Store the old realm list for removing rights */
-                    oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                    if (oldrealmrefs == NULL) {
-                        retval = ENOMEM;
-                        goto cleanup;
-                    }
+                   oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                   if (oldrealmrefs == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
 
                    for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
-                       oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
-                       if (oldrealmrefs[j] == NULL) {
-                           retval = ENOMEM;
-                           goto cleanup;
-                       }
+                       oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+                       if (oldrealmrefs[j] == NULL) {
+                           retval = ENOMEM;
+                           goto cleanup;
+                       }
                    }
                    oldrealmrefs[j] = NULL;
-                }
-
-                /* Allocate list for processing */
-                list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                if (list == NULL) {
-                    retval = ENOMEM;
-                    goto cleanup;
-                }
-
-                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
-                    goto cleanup;
-
-                /* Convert realm names to realm DNs */
-                if ((retval = convert_realm_name2dn_list(list, 
-                       ldap_context->krbcontainer->DN))) {
-                    goto cleanup; 
-                }
-
-                list_modify_str_array(&(srvparams->krbrealmreferences), 
-                       (const char**)list, LIST_MODE_DELETE);
-
-                out_mask |= LDAP_SERVICE_REALMREFERENCE;
-
-                /* Clean up */
-                free (list);
-                list = NULL;
-            }
-        }
-        else if (!strcmp(argv[i], "-addrealm")) {
-            if (++i > argc - 1)
-                goto err_usage;
-
-            if (!realmdn_flag) {
-                /* Allocate list for processing */
-                list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                if (list == NULL) {
-                    retval = ENOMEM;
-                    goto cleanup;
-                }
-
-                if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
-                    goto cleanup;
-
-                /* Convert realm names to realm DNs */
-                if ((retval = convert_realm_name2dn_list(list, 
-                       ldap_context->krbcontainer->DN))) {
-                    goto cleanup; 
-                }
-
-                if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences) && (!oldrealmrefs)) {
+               }
+
+               /* Allocate list for processing */
+               list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+               if (list == NULL) {
+                   retval = ENOMEM;
+                   goto cleanup;
+               }
+
+               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+                   goto cleanup;
+
+               /* Convert realm names to realm DNs */
+               if ((retval = convert_realm_name2dn_list(list,
+                                                        ldap_context->krbcontainer->DN))) {
+                   goto cleanup;
+               }
+
+               list_modify_str_array(&(srvparams->krbrealmreferences),
+                                     (const char**)list, LIST_MODE_DELETE);
+
+               out_mask |= LDAP_SERVICE_REALMREFERENCE;
+
+               /* Clean up */
+               free (list);
+               list = NULL;
+           }
+       } else if (!strcmp(argv[i], "-addrealm")) {
+           if (++i > argc - 1)
+               goto err_usage;
+
+           if (!realmdn_flag) {
+               /* Allocate list for processing */
+               list = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+               if (list == NULL) {
+                   retval = ENOMEM;
+                   goto cleanup;
+               }
+
+               if ((retval = krb5_parse_list(argv[i], LIST_DELIMITER, list)))
+                   goto cleanup;
+
+               /* Convert realm names to realm DNs */
+               if ((retval = convert_realm_name2dn_list(list,
+                                                        ldap_context->krbcontainer->DN))) {
+                   goto cleanup;
+               }
+
+               if ((in_mask & LDAP_SERVICE_REALMREFERENCE) && (srvparams->krbrealmreferences) && (!oldrealmrefs)) {
                    /* Store the old realm list for removing rights */
-                    oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
-                    if (oldrealmrefs == NULL) {
-                        retval = ENOMEM;
-                        goto cleanup;
-                    }
+                   oldrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
+                   if (oldrealmrefs == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
 
                    for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
-                       oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
-                       if (oldrealmrefs[j] == NULL) {
+                       oldrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
+                       if (oldrealmrefs[j] == NULL) {
                            retval = ENOMEM;
                            goto cleanup;
-                       }
+                       }
                    }
                    oldrealmrefs[j] = NULL;
-                }
+               }
 
-                /* Call list_modify_str_array() only if realm DN attribute 
-                 * exists already -- Actually, it's better to handle this 
+               /* Call list_modify_str_array() only if realm DN attribute
+                * exists already -- Actually, it's better to handle this
                 * within list_modify_str_array() */
-                if (in_mask & LDAP_SERVICE_REALMREFERENCE) {
-                    /* Re-size existing list */
-                    existing_entries = list_count_str_array(
-                               srvparams->krbrealmreferences);
-                    new_entries = list_count_str_array(list);
-                    temp_ptr = (char **) realloc(srvparams->krbrealmreferences, 
-                        sizeof(char *) * (existing_entries + new_entries + 1));
-                    if (temp_ptr == NULL) {
-                        retval = ENOMEM;
-                        goto cleanup;
-                    }
-                    srvparams->krbrealmreferences = temp_ptr;
-
-                    list_modify_str_array(&(srvparams->krbrealmreferences), 
-                       (const char**)list, LIST_MODE_ADD);
-
-                    /* Clean up */
-                    free (list);
-                    list = NULL;
-                }
-                else
-                    srvparams->krbrealmreferences = list;
-
-                out_mask |= LDAP_SERVICE_REALMREFERENCE;
-            }
-        }
-        else {
-             /* Any other argument must be service DN
-                -- skip it */
-        }
+               if (in_mask & LDAP_SERVICE_REALMREFERENCE) {
+                   /* Re-size existing list */
+                   existing_entries = list_count_str_array(
+                       srvparams->krbrealmreferences);
+                   new_entries = list_count_str_array(list);
+                   temp_ptr = (char **) realloc(srvparams->krbrealmreferences,
+                                                sizeof(char *) * (existing_entries + new_entries + 1));
+                   if (temp_ptr == NULL) {
+                       retval = ENOMEM;
+                       goto cleanup;
+                   }
+                   srvparams->krbrealmreferences = temp_ptr;
+
+                   list_modify_str_array(&(srvparams->krbrealmreferences),
+                                         (const char**)list, LIST_MODE_ADD);
+
+                   /* Clean up */
+                   free (list);
+                   list = NULL;
+               } else
+                   srvparams->krbrealmreferences = list;
+
+               out_mask |= LDAP_SERVICE_REALMREFERENCE;
+           }
+       } else {
+           /* Any other argument must be service DN
+              -- skip it */
+       }
     }
 
     /* Modify attributes of object */
     if ((retval = krb5_ldap_modify_service(util_context, srvparams, out_mask)))
-        goto cleanup;
+       goto cleanup;
 
     /* Service rights modification code */
     if (out_mask & LDAP_SERVICE_REALMREFERENCE) {
 
        printf("%s","Changing rights for the service object. Please wait ... ");
        fflush(stdout);
-       
+
        newrealmrefs = (char**) calloc(MAX_LIST_ENTRIES, sizeof(char*));
        if (newrealmrefs == NULL) {
            retval = ENOMEM;
            goto cleanup;
        }
-           
+
        if ((srvparams != NULL) && (srvparams->krbrealmreferences != NULL)) {
            for (j = 0; srvparams->krbrealmreferences[j] != NULL; j++) {
                newrealmrefs[j] = strdup(srvparams->krbrealmreferences[j]);
@@ -924,9 +897,9 @@ void kdb5_ldap_modify_service(argc, argv)
            newrealmrefs[j] = NULL;
        }
        disjoint_members(oldrealmrefs, newrealmrefs);
-       
-       /* Delete the rights for the given service, on each of the realm 
-        * container & subtree in the old realm reference list. 
+
+       /* Delete the rights for the given service, on each of the realm
+        * container & subtree in the old realm reference list.
         */
        if (oldrealmrefs) {
            rightsmask = 0;
@@ -936,89 +909,89 @@ void kdb5_ldap_modify_service(argc, argv)
            for (i = 0; (oldrealmrefs[i] != NULL); i++) {
                /* Get the realm name, not the dn */
                temprdns = ldap_explode_dn(oldrealmrefs[i], 1);
-               
+
                if (temprdns[0] == NULL) {
                    retval = EINVAL;
                    goto cleanup;
                }
-               
+
                realmName = strdup(temprdns[0]);
                if (realmName == NULL) {
                    retval = ENOMEM;
                    goto cleanup;
                }
 
-               if ((retval = krb5_ldap_read_realm_params(util_context, 
-                               realmName, &rparams, &rmask))) {
+               if ((retval = krb5_ldap_read_realm_params(util_context,
+                                                         realmName, &rparams, &rmask))) {
                    com_err(me, retval, "while reading information of realm '%s'",
-                        realmName);
+                           realmName);
                    goto err_nomsg;
                }
-               
+
                if ((retval = krb5_ldap_delete_service_rights(util_context,
-                       srvparams->servicetype, srvparams->servicedn, 
-                       realmName, rparams->subtree, rightsmask))) {
+                                                             srvparams->servicetype, srvparams->servicedn,
+                                                             realmName, rparams->subtree, rightsmask))) {
                    printf("failed\n");
                    com_err(me, retval, "while assigning rights '%s'",
-                       srvparams->servicedn);
+                           srvparams->servicedn);
                    goto err_nomsg;
                }
-               
+
                if (rparams)
                    krb5_ldap_free_realm_params(rparams);
            }
        }
-           
-       /* Add the rights for the given service, on each of the realm 
+
+       /* Add the rights for the given service, on each of the realm
         * container & subtree in the new realm reference list.
         */
        if (newrealmrefs) {
            rightsmask = 0;
            rightsmask |= LDAP_REALM_RIGHTS;
            rightsmask |= LDAP_SUBTREE_RIGHTS;
-           
+
            for (i = 0; (newrealmrefs[i] != NULL); i++) {
                /* Get the realm name, not the dn */
                temprdns = ldap_explode_dn(newrealmrefs[i], 1);
-                   
+
                if (temprdns[0] == NULL) {
                    retval = EINVAL;
                    goto cleanup;
                }
-               
+
                realmName = strdup(temprdns[0]);
                if (realmName == NULL) {
                    retval = ENOMEM;
                    goto cleanup;
                }
-               
-               if ((retval = krb5_ldap_read_krbcontainer_params(util_context, 
-                       &(ldap_context->krbcontainer)))) {
-                   com_err(me, retval, 
-                       "while reading Kerberos container information");
+
+               if ((retval = krb5_ldap_read_krbcontainer_params(util_context,
+                                                                &(ldap_context->krbcontainer)))) {
+                   com_err(me, retval,
+                           "while reading Kerberos container information");
                    goto cleanup;
                }
 
-               if ((retval = krb5_ldap_read_realm_params(util_context, 
-                               realmName, &rparams, &rmask))) {
+               if ((retval = krb5_ldap_read_realm_params(util_context,
+                                                         realmName, &rparams, &rmask))) {
                    com_err(me, retval, "while reading information of realm '%s'",
-                       realmName);
+                           realmName);
                    goto err_nomsg;
                }
-               
-               if ((retval = krb5_ldap_add_service_rights(util_context, 
-                               srvparams->servicetype, srvparams->servicedn, 
-                               realmName, rparams->subtree, rightsmask))) {
+
+               if ((retval = krb5_ldap_add_service_rights(util_context,
+                                                          srvparams->servicetype, srvparams->servicedn,
+                                                          realmName, rparams->subtree, rightsmask))) {
                    printf("failed\n");
-                   com_err(me, retval, "while assigning rights '%s'", 
-                       srvparams->servicedn);
+                   com_err(me, retval, "while assigning rights '%s'",
+                           srvparams->servicedn);
                    goto err_nomsg;
                }
-               
+
                if (rparams) {
                    krb5_ldap_free_realm_params(rparams);
-                    rparams = NULL;
-                }
+                   rparams = NULL;
+               }
            }
            printf("done\n");
        }
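Review bot: Both rights loops in this hunk read `temprdns[0]` immediately after `ldap_explode_dn()` without testing `temprdns` itself. That call returns NULL when the string does not parse as a DN, so a malformed realm reference becomes a NULL dereference instead of `EINVAL`; the test should be `if (temprdns == NULL || temprdns[0] == NULL)`. The delete loop also frees `rparams` without resetting it, whereas the add loop sets `rparams = NULL;` after the free. If the cleanup code outside this hunk frees `rparams` as well, an error on a later iteration would free it twice, so the delete loop wants the same reset. `realmName` is reassigned from `strdup()` on every iteration with no visible free, and nothing visible releases `temprdns`, so both look like per-iteration leaks. The function starts and ends outside the hunk.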
@@ -1036,11 +1009,11 @@ cleanup:
     krb5_ldap_free_service(util_context, srvparams);
 
     if (servicedn)
-        free(servicedn);
+       free(servicedn);
 
     if (list) {
-        free(list);
-        list = NULL;
+       free(list);
+       list = NULL;
     }
 
     if (oldrealmrefs) {
@@ -1055,17 +1028,17 @@ cleanup:
        free(newrealmrefs);
     }
     if (realmName) {
-        free(realmName);
-        realmName = NULL;
+       free(realmName);
+       realmName = NULL;
     }
 
     if (print_usage)
-        db_usage(MODIFY_SERVICE);
+       db_usage(MODIFY_SERVICE);
 
     if (retval) {
-        if (!no_msg)
-            com_err(me, retval, "while modifying service object");
-        exit_status++;
+       if (!no_msg)
+           com_err(me, retval, "while modifying service object");
+       exit_status++;
     }
 
     return;
@@ -1078,10 +1051,10 @@ cleanup:
  */
 static krb5_error_code
 rem_service_entry_from_file(argc, argv, file_name, service_object)
-int argc;
-char *argv[];
-char *file_name;
-char *service_object;
+    int argc;
+    char *argv[];
+    char *file_name;
+    char *service_object;
 {
     int     st        = EINVAL;
     char    *me       = argv[0];
@@ -1095,17 +1068,16 @@ char *service_object;
     /* Check for permissions on the password file */
     if (access(file_name, W_OK) == -1) {
        /* If the specified file itself is not there, no need to show error */
-       if (errno == ENOENT) {
+       if (errno == ENOENT) {
            st=0;
            goto cleanup;
-       }
-       else {
+       } else {
            com_err(me, errno, "while deleting entry from file %s", file_name);
            goto cleanup;
        }
     }
-    
-    /* Create a temporary file which contains all the entries except the 
+
+    /* Create a temporary file which contains all the entries except the
        entry for the given service dn */
     pfile = fopen(file_name, "r+");
     if (pfile == NULL) {
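Review bot: The `access(file_name, W_OK)` probe followed by `fopen(file_name, "r+")` is a check-then-use sequence on what the comment calls the password file. The path can be replaced between the two calls, and `access()` tests the real rather than the effective user ID, so its answer need not match what `fopen()` then does. Dropping the probe and branching on the open result keeps the "missing file is not an error" behaviour without the window: `if (pfile == NULL && errno == ENOENT) { st = 0; goto cleanup; }`. The body of the existing `pfile == NULL` branch and the rest of the function are outside the hunk.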
@@ -1121,7 +1093,7 @@ char *service_object;
        goto cleanup;
     }
     snprintf (tmp_file, strlen(file_name) + 4 + 1, "%s%s", file_name, ".tmp");
-    
+
 
     tmpfd = creat(tmp_file, S_IRUSR|S_IWUSR);
     umask(omask);
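Review bot: `creat(tmp_file, S_IRUSR|S_IWUSR)` opens a fixed, predictable name (`file_name` plus `.tmp`), and it will follow a symlink or truncate whatever already exists at that path. That matters if the directory is writable by anyone other than the administrator running the tool. Creating the file exclusively closes this: `tmpfd = open(tmp_file, O_WRONLY|O_CREAT|O_EXCL, S_IRUSR|S_IWUSR);`, or `mkstemp()` on a template in the same directory. The `umask()` call that sets `omask` and the rest of the function are outside the hunk.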
@@ -1130,14 +1102,13 @@ char *service_object;
        fclose(pfile);
        goto cleanup;
     }
-    
+
     /* Copy only those lines which donot have the specified service dn */
-    while(fgets(line, MAX_LEN, pfile) != NULL) {
-       if (( strstr(line, service_object) != NULL ) && 
-           ( line[strlen(service_object)] == '#')) {
+    while (fgets(line, MAX_LEN, pfile) != NULL) {
+       if ((strstr(line, service_object) != NULL) &&
+           (line[strlen(service_object)] == '#')) {
            continue;
-       }
-       else {
+       } else {
            len = strlen(line);
            if (write(tmpfd, line, len) != len) {
                com_err(me, errno, "while deleting entry from file\n");
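Review bot: The entry match in the copy loop is not anchored to the start of the line. `strstr(line, service_object)` succeeds wherever the DN occurs, and `line[strlen(service_object)] == '#'` only inspects a fixed offset, so a line that contains the DN further along and has `#` at that offset is dropped too. If entries have the form DN followed by `#`, as the second test suggests, compare the prefix instead: `if (strncmp(line, service_object, strlen(service_object)) == 0 && line[strlen(service_object)] == '#')`. Separately, `fgets(line, MAX_LEN, pfile)` splits an entry longer than the buffer, so the tail of a long matching entry would fail the test and be copied to the new file as a stray line. The loop body continues outside the hunk.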
@@ -1148,21 +1119,20 @@ char *service_object;
            }
        }
     }
-    
+
     fclose(pfile);
     if (unlink(file_name) == 0) {
        link(tmp_file, file_name);
-    }
-    else {
+    } else {
        com_err(me, errno, "while deleting entry from file\n");
     }
     unlink(tmp_file);
-    
+
     st=0;
 
- cleanup:
-    
-    if(tmp_file)
+cleanup:
+
+    if (tmp_file)
        free(tmp_file);
 
     return st;
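Review bot: Swapping the files with `unlink(file_name)` followed by an unchecked `link(tmp_file, file_name)` is not atomic and can lose the password file. If `link()` fails, the original is already gone, `unlink(tmp_file)` then removes the only remaining copy, and the function still sets `st=0`. `rename(tmp_file, file_name)` does the replacement in one step and leaves the original in place on failure; guard it with `if (rename(tmp_file, file_name) != 0)`, report through `com_err`, and leave `st` non-zero on that branch. The path from the end of the copy loop to `return st` appears to be entirely within this hunk and never closes `tmpfd`, so the descriptor leaks on success.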
@@ -1173,7 +1143,7 @@ char *service_object;
  * This function will delete the service object from the LDAP Server
  * and unlink the references to the Realm objects (if any)
  */
-void 
+void
 kdb5_ldap_destroy_service(argc, argv)
     int argc;
     char *argv[];
@@ -1189,47 +1159,43 @@ kdb5_ldap_destroy_service(argc, argv)
     krb5_boolean print_usage = FALSE;
 
     if ((argc < 2) || (argc > 5)) {
-        exit_status++;
+       exit_status++;
        goto err_usage;
     }
 
-    fori=1; i < argc; i++) {
-       
-       if(strcmp(argv[i],"-force")==0) {
+    for (i=1; i < argc; i++) {
+
+       if (strcmp(argv[i],"-force")==0) {
            force++;
-       }
-       else if(strcmp(argv[i],"-f")==0) {
-           if(argv[i+1]) {
+       } else if (strcmp(argv[i],"-f")==0) {
+           if (argv[i+1]) {
                stashfilename=strdup(argv[i+1]);
-               if(stashfilename == NULL) {
+               if (stashfilename == NULL) {
                    com_err(argv[0], ENOMEM, "while destroying service");
                    exit_status++;
                    goto cleanup;
                }
                i++;
-           }
-           else {
+           } else {
                exit_status++;
                goto err_usage;
            }
-       }
-       else {
-           if((argv[i]) && ( servicedn == NULL) ){
+       } else {
+           if ((argv[i]) && (servicedn == NULL)) {
                servicedn=strdup(argv[i]);
-               if(servicedn == NULL) {
+               if (servicedn == NULL) {
                    com_err(argv[0], ENOMEM, "while destroying service");
                    exit_status++;
                    goto cleanup;
                }
-           }
-           else {
+           } else {
                exit_status++;
                goto err_usage;
            }
        }
     }
 
-    if(!servicedn) {
+    if (!servicedn) {
        exit_status++;
        goto err_usage;
     }
@@ -1238,66 +1204,66 @@ kdb5_ldap_destroy_service(argc, argv)
        printf("This will delete the service object '%s', are you sure?\n", servicedn);
        printf("(type 'yes' to confirm)? ");
        if (fgets(buf, sizeof(buf), stdin) == NULL) {
-           exit_status++; 
+           exit_status++;
            goto cleanup;;
        }
        if (strcmp(buf, yes)) {
-           exit_status++; 
+           exit_status++;
            goto cleanup;
        }
     }
 
-    if ((retval = krb5_ldap_read_service( util_context, servicedn, 
-               &lserparams, &mask))) {
-       com_err(argv[0], retval, "while destroying service '%s'",servicedn );
-        exit_status++; 
+    if ((retval = krb5_ldap_read_service(util_context, servicedn,
+                                        &lserparams, &mask))) {
+       com_err(argv[0], retval, "while destroying service '%s'",servicedn);
+       exit_status++;
        goto cleanup;
     }
 
     retval = krb5_ldap_delete_service(util_context, lserparams, servicedn);
 
     if (retval) {
-        com_err(argv[0], retval, "while destroying service '%s'", servicedn);
-        exit_status++; 
+       com_err(argv[0], retval, "while destroying service '%s'", servicedn);
+       exit_status++;
        goto cleanup;
     }
-    
-    if(stashfilename == NULL) {
+
+    if (stashfilename == NULL) {
        stashfilename = strdup(DEF_SERVICE_PASSWD_FILE);
-       if(stashfilename == NULL) {
+       if (stashfilename == NULL) {
            com_err(argv[0], ENOMEM, "while destroying service");
            exit_status++;
            goto cleanup;
        }
     }
     printf("** service object '%s' deleted.\n", servicedn);
-    retval = rem_service_entry_from_file(argc, argv, stashfilename, servicedn );
-    
-    if(retval)
+    retval = rem_service_entry_from_file(argc, argv, stashfilename, servicedn);
+
+    if (retval)
        printf("** error removing service object entry '%s' from password file.\n",
-               servicedn);
-    
+              servicedn);
+
     goto cleanup;
-    
-    
- err_usage:
+
+
+err_usage:
     print_usage = TRUE;
-    
- cleanup:
 
-    if(lserparams) {
+cleanup:
+
+    if (lserparams) {
        krb5_ldap_free_service(util_context, lserparams);
     }
 
-    if(servicedn) {
+    if (servicedn) {
        free(servicedn);
     }
-    
-    if(stashfilename) {
+
+    if (stashfilename) {
        free(stashfilename);
     }
-    
-    if(print_usage) {
+
+    if (print_usage) {
        db_usage(DESTROY_SERVICE);
     }
 
@@ -1319,49 +1285,49 @@ void kdb5_ldap_view_service(argc, argv)
     krb5_boolean print_usage = FALSE;
 
     if (!(argc == 2)) {
-        exit_status++;
+       exit_status++;
        goto err_usage;
     }
-    
+
     servicedn=strdup(argv[1]);
-    if(servicedn == NULL) {
+    if (servicedn == NULL) {
        com_err(argv[0], ENOMEM, "while viewing service");
        exit_status++;
        goto cleanup;
     }
-    
-    if ((retval = krb5_ldap_read_service( util_context, servicedn, &lserparams, &mask))) {
-       com_err(argv[0], retval, "while viewing service '%s'",servicedn );
-        exit_status++;
-        goto cleanup;
+
+    if ((retval = krb5_ldap_read_service(util_context, servicedn, &lserparams, &mask))) {
+       com_err(argv[0], retval, "while viewing service '%s'",servicedn);
+       exit_status++;
+       goto cleanup;
     }
-    
+
     print_service_params(lserparams, mask);
 
     goto cleanup;
 
- err_usage:
+err_usage:
     print_usage = TRUE;
 
- cleanup:
+cleanup:
 
-    if(lserparams) {
+    if (lserparams) {
        krb5_ldap_free_service(util_context, lserparams);
     }
 
-    if(servicedn)
+    if (servicedn)
        free(servicedn);
 
-    if(print_usage) {
+    if (print_usage) {
        db_usage(VIEW_SERVICE);
     }
-    
+
     return;
 }
 
 
 /*
- * This function will list the DNs of kerberos services present on 
+ * This function will list the DNs of kerberos services present on
  * the LDAP Server under a specific sub-tree (entire tree by default)
  */
 void kdb5_ldap_list_services(argc, argv)
@@ -1377,33 +1343,33 @@ void kdb5_ldap_list_services(argc, argv)
 
     /* Check for number of arguments */
     if ((argc != 1) && (argc != 3)) {
-        exit_status++;
+       exit_status++;
        goto err_usage;
     }
 
     /* Parse base DN argument if present */
     if (argc == 3) {
-        if (strcmp(argv[1], "-basedn")) {
-            retval = EINVAL;
-            goto err_usage;
-        }
+       if (strcmp(argv[1], "-basedn")) {
+           retval = EINVAL;
+           goto err_usage;
+       }
 
-        basedn = strdup(argv[2]);
-        if (basedn == NULL) {
-            com_err(me, ENOMEM, "while listing services");
-            exit_status++;
-            goto cleanup;
-        }
+       basedn = strdup(argv[2]);
+       if (basedn == NULL) {
+           com_err(me, ENOMEM, "while listing services");
+           exit_status++;
+           goto cleanup;
+       }
     }
 
     retval = krb5_ldap_list_services(util_context, basedn, &list);
-    if((retval != 0) || (list == NULL)) {
-        exit_status++;
-        goto cleanup;
+    if ((retval != 0) || (list == NULL)) {
+       exit_status++;
+       goto cleanup;
     }
-    
-    for(plist = list; *plist != NULL; plist++) {
-        printf("%s\n", *plist);
+
+    for (plist = list; *plist != NULL; plist++) {
+       printf("%s\n", *plist);
     }
 
     goto cleanup;
@@ -1413,22 +1379,22 @@ err_usage:
 
 cleanup:
     if (list != NULL) {
-        krb5_free_list_entries (list);
-        free (list);
+       krb5_free_list_entries (list);
+       free (list);
     }
 
     if (basedn)
        free (basedn);
 
     if (print_usage) {
-        db_usage(LIST_SERVICE);
+       db_usage(LIST_SERVICE);
     }
 
     if (retval) {
-        com_err(me, retval, "while listing policy objects");
-        exit_status++;
+       com_err(me, retval, "while listing policy objects");
+       exit_status++;
     }
-   
+
     return;
 }
 
@@ -1448,97 +1414,91 @@ print_service_params(lserparams, mask)
     printf("%20s%-20s\n","Service dn: ",lserparams->servicedn);
 
     /* Print the service type of the object to be read */
-    if( lserparams->servicetype == LDAP_KDC_SERVICE ) {
+    if (lserparams->servicetype == LDAP_KDC_SERVICE) {
        printf("%20s%-20s\n","Service type: ","kdc");
-    }
-    else if( lserparams->servicetype == LDAP_ADMIN_SERVICE ) {
+    } else if (lserparams->servicetype == LDAP_ADMIN_SERVICE) {
        printf("%20s%-20s\n","Service type: ","admin");
-    }
-    else if( lserparams->servicetype == LDAP_PASSWD_SERVICE ) {
+    } else if (lserparams->servicetype == LDAP_PASSWD_SERVICE) {
        printf("%20s%-20s\n","Service type: ","pwd");
     }
 
     /* Print the host server values */
     printf("%20s\n","Service host list: ");
-    if ( mask & LDAP_SERVICE_HOSTSERVER ) {
-       for ( i=0; lserparams->krbhostservers[i] != NULL; ++i ) {
+    if (mask & LDAP_SERVICE_HOSTSERVER) {
+       for (i=0; lserparams->krbhostservers[i] != NULL; ++i) {
            printf("%20s%-50s\n","",lserparams->krbhostservers[i]);
        }
     }
 
     /* Print the realm reference dn values */
     printf("%20s\n","Realm DN list: ");
-    if ( mask & LDAP_SERVICE_REALMREFERENCE ) {
-       for ( i=0; lserparams && lserparams->krbrealmreferences && lserparams->krbrealmreferences[i] != NULL; ++i ) {
+    if (mask & LDAP_SERVICE_REALMREFERENCE) {
+       for (i=0; lserparams && lserparams->krbrealmreferences && lserparams->krbrealmreferences[i] != NULL; ++i) {
            printf("%20s%-50s\n","",lserparams->krbrealmreferences[i]);
        }
     }
-    
+
     return;
 }
 
 
 /*
- * This function will generate random  password of length(RANDOM_PASSWD_LEN) 
- * 
+ * This function will generate random  password of length(RANDOM_PASSWD_LEN)
+ *
  *
  * INPUT:
  *      ctxt - context
  *
  * OUTPUT:
- *     RANDOM_PASSWD_LEN length random password 
+ *     RANDOM_PASSWD_LEN length random password
  */
 static int generate_random_password(krb5_context ctxt, char **randpwd, unsigned int *passlen)
 {
-       char *random_pwd = NULL;
-       int ret = 0;
-       krb5_data data;
-       int i=0;        
-       /*int len = 0;*/
-
-       /* setting random password length in the range 16-32 */
-       srand((unsigned int)(time(0) ^ getpid()));
-
-       data.length = RANDOM_PASSWD_LEN;
-       random_pwd = (char *)malloc(data.length + 1);
-       if (random_pwd == NULL) {
-               com_err("setsrvpw", ENOMEM, "while generating random password");
-                       return ENOMEM;
-        }
-       memset(random_pwd, 0, data.length + 1);
-       data.data = random_pwd;
-
-       ret = krb5_c_random_make_octets(ctxt, &data);
-       if(ret) {
-           com_err("setsrvpw", ret, "Error generating random password");
-           free(random_pwd);
-           return ret;
-       }
-
-       for (i=0; i<data.length; i++)
-       {
-               /* restricting to ascii chars. Need to change this when 8.8 supports */
-               if ((unsigned char)random_pwd[i] > 127)
-               {
-                       random_pwd[i] = (unsigned char)random_pwd[i] % 128;
-               }
-               else if (random_pwd[i] == 0)
-               {
-                       random_pwd[i] = (rand()/(RAND_MAX/127 + 1))+1;
-               }
+    char *random_pwd = NULL;
+    int ret = 0;
+    krb5_data data;
+    int i=0;
+    /*int len = 0;*/
+
+    /* setting random password length in the range 16-32 */
+    srand((unsigned int)(time(0) ^ getpid()));
+
+    data.length = RANDOM_PASSWD_LEN;
+    random_pwd = (char *)malloc(data.length + 1);
+    if (random_pwd == NULL) {
+       com_err("setsrvpw", ENOMEM, "while generating random password");
+       return ENOMEM;
+    }
+    memset(random_pwd, 0, data.length + 1);
+    data.data = random_pwd;
+
+    ret = krb5_c_random_make_octets(ctxt, &data);
+    if (ret) {
+       com_err("setsrvpw", ret, "Error generating random password");
+       free(random_pwd);
+       return ret;
+    }
+
+    for (i=0; i<data.length; i++) {
+       /* restricting to ascii chars. Need to change this when 8.8 supports */
+       if ((unsigned char)random_pwd[i] > 127) {
+           random_pwd[i] = (unsigned char)random_pwd[i] % 128;
+       } else if (random_pwd[i] == 0) {
+           random_pwd[i] = (rand()/(RAND_MAX/127 + 1))+1;
        }
+    }
 
-       *randpwd = random_pwd;
-       *passlen = data.length;
+    *randpwd = random_pwd;
+    *passlen = data.length;
 
     return 0;
 }
 
 
 /*
- * This function will set the password of the service object in the directory 
+ * This function will set the password of the service object in the directory
  * and/or the specified service password file.
- * 
+ *
  *
  * INPUT:
  *      argc - contains the number of arguments for this sub-command
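Review bot: In generate_random_password the `% 128` arm maps an octet of 128 to 0, and because the `== 0` test is its `else` arm that zero is never replaced, so the buffer can hold an embedded NUL. The caller in kdb5_ldap_set_service_password then recomputes the length with `strlen(passwd)`, which would silently shorten the generated password, down to empty if the first octet is affected. The zero-replacement arm also falls back to `rand()` seeded from `time(0) ^ getpid()`, which is not a suitable source for secret material. Mapping every octet from krb5_c_random_make_octets in one step, e.g. `random_pwd[i] = ((unsigned char)random_pwd[i] % 127) + 1;`, removes both the NUL case and the `srand`/`rand` calls at the cost of a small modulo bias. The stale "range 16-32" comment should be dropped as well.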
@@ -1575,8 +1535,8 @@ kdb5_ldap_set_service_password(argc, argv)
     kdb5_dal_handle *dal_handle = NULL;
     struct data encrypted_passwd = {0, NULL};
 
-    /* The arguments for setsrv password should contain the service object DN 
-     * and options to specify whether the password should be updated in file only  
+    /* The arguments for setsrv password should contain the service object DN
+     * and options to specify whether the password should be updated in file only
      * or both file and directory. So the possible combination of arguments are:
      * setsrvpw servicedn                              wherein argc is 2
      * setsrvpw        -fileonly servicedn                     wherein argc is 3
@@ -1586,219 +1546,213 @@ kdb5_ldap_set_service_password(argc, argv)
      * setsrvpw -randpw -f filename servicedn          wherein argc is 5
      */
     if ((argc < 2) || (argc > 5)) {
-        print_usage = TRUE;
-        goto cleanup;
+       print_usage = TRUE;
+       goto cleanup;
     }
 
     dal_handle = (kdb5_dal_handle *)util_context->db_context;
     lparams = (krb5_ldap_context *) dal_handle->db_context;
 
     if (lparams == NULL) {
-           printf("%s: Invalid LDAP handle\n", me);
-           goto cleanup;
+       printf("%s: Invalid LDAP handle\n", me);
+       goto cleanup;
     }
 
-    /* Parse the arguments */  
-    for(i = 1; i < argc -1 ; i++) {    
-        if (strcmp(argv[i], "-randpw") == 0) {
-            random_passwd = 1;
-        }
-        else if (strcmp(argv[i], "-fileonly") == 0) {
-            set_dir_pwd = 0;
-        }
-        else if (strcmp(argv[i], "-f") == 0) {
-            if (argv[++i] == NULL) {
-                print_usage = TRUE;
-                goto cleanup;
-            }
-
-            file_name = strdup(argv[i]);
-            if (file_name == NULL) {
-                com_err(me, ENOMEM, "while setting service object password");
-                goto cleanup;
-            }
-            /* Verify if the file location has the proper file name 
-             * for eg, if the file location is a directory like /home/temp/, 
-             * we reject it.
-             */
-            filelen = strlen(file_name);
-            if ((filelen == 0) || (file_name[filelen-1] == '/')) {
-                printf("%s: Filename not specified for setting service object password\n", me);
-                       print_usage = TRUE;
-                goto cleanup;
-            }
-        }      
-        else {
-            printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
-            print_usage = TRUE;
-            goto cleanup;
-        }
+    /* Parse the arguments */
+    for (i = 1; i < argc -1 ; i++) {
+       if (strcmp(argv[i], "-randpw") == 0) {
+           random_passwd = 1;
+       } else if (strcmp(argv[i], "-fileonly") == 0) {
+           set_dir_pwd = 0;
+       } else if (strcmp(argv[i], "-f") == 0) {
+           if (argv[++i] == NULL) {
+               print_usage = TRUE;
+               goto cleanup;
+           }
+
+           file_name = strdup(argv[i]);
+           if (file_name == NULL) {
+               com_err(me, ENOMEM, "while setting service object password");
+               goto cleanup;
+           }
+           /* Verify if the file location has the proper file name
+            * for eg, if the file location is a directory like /home/temp/,
+            * we reject it.
+            */
+           filelen = strlen(file_name);
+           if ((filelen == 0) || (file_name[filelen-1] == '/')) {
+               printf("%s: Filename not specified for setting service object password\n", me);
+               print_usage = TRUE;
+               goto cleanup;
+           }
+       } else {
+           printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
+           print_usage = TRUE;
+           goto cleanup;
+       }
     }
 
     if (i != argc-1) {
-        print_usage = TRUE;
-        goto cleanup;
+       print_usage = TRUE;
+       goto cleanup;
     }
-       
+
     service_object = strdup(argv[i]);
     if (service_object == NULL) {
-        com_err(me, ENOMEM, "while setting service object password");
-        goto cleanup;
+       com_err(me, ENOMEM, "while setting service object password");
+       goto cleanup;
     }
 
     if (strlen(service_object) == 0) {
-        printf("%s: Service object not specified for \"setsrvpw\" command\n", me);
-        print_usage = TRUE;
-               goto cleanup;
+       printf("%s: Service object not specified for \"setsrvpw\" command\n", me);
+       print_usage = TRUE;
+       goto cleanup;
     }
 
     if (service_object[0] == '-') {
-        print_usage = TRUE;
-       goto cleanup;
+       print_usage = TRUE;
+       goto cleanup;
     }
 
     if (file_name == NULL) {
-        file_name = strdup(DEF_SERVICE_PASSWD_FILE);
-        if (file_name == NULL) {
-            com_err(me, ENOMEM, "while setting service object password");
-            goto cleanup;
-        }
+       file_name = strdup(DEF_SERVICE_PASSWD_FILE);
+       if (file_name == NULL) {
+           com_err(me, ENOMEM, "while setting service object password");
+           goto cleanup;
+       }
     }
 
     if (set_dir_pwd) {
-        if ( db_inited == FALSE ) {
-            if ((errcode = krb5_ldap_db_init(util_context, lparams))) {
-                com_err(me, errcode, "while initializing database");
-                goto cleanup;
-            }
-            db_init_local = TRUE;
-        }
-    }
-       
+       if (db_inited == FALSE) {
+           if ((errcode = krb5_ldap_db_init(util_context, lparams))) {
+               com_err(me, errcode, "while initializing database");
+               goto cleanup;
+           }
+           db_init_local = TRUE;
+       }
+    }
+
     if (random_passwd) {
-        if (!set_dir_pwd) {
-            printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
-            print_usage = TRUE;
-            goto cleanup;
-        }
-        else {
-            /* Generate random password */
-                       
-            if ((errcode = generate_random_password(util_context, &passwd, &passwd_len))) {
-                printf("%s: Failed to set service object password\n", me);
-                goto cleanup;
-            }
-            passwd_len = strlen(passwd);
-        }
-    }
-    else {
-        /* Get the service object password from the terminal */
-        passwd = (char *)malloc(MAX_SERVICE_PASSWD_LEN + 1);
-        if (passwd == NULL) {
-            com_err(me, ENOMEM, "while setting service object password");
-            goto cleanup;
-        }
-        memset(passwd, 0, MAX_SERVICE_PASSWD_LEN + 1);
-        passwd_len = MAX_SERVICE_PASSWD_LEN;
-    
-        len = strlen(service_object);  
-        /* size of allocation=strlen of servicedn + strlen("Password for \" \"")=20 */
-        prompt1 = (char *)malloc(len + 20);
-        if (prompt1 == NULL) {
-            com_err(me, ENOMEM, "while setting service object password");
-            goto cleanup;
-        }
-        sprintf(prompt1, "Password for \"%s\"", service_object);
-
-        /* size of allocation=strlen of servicedn + strlen("Re-enter Password for \" \"")=30 */
-        prompt2 = (char *)malloc(len + 30);
-        if (prompt2 == NULL) {
-            com_err(me, ENOMEM, "while setting service object password");
-            free(prompt1);
-            goto cleanup;
-        }
-        sprintf(prompt2, "Re-enter password for \"%s\"", service_object);
-
-        retval = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
-        free(prompt1);
-        free(prompt2);
-        if (retval) {
-            com_err(me, retval, "while setting service object password");
-            memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
-            goto cleanup;
-        }
-        if (passwd_len == 0) {
-           printf("%s: Invalid password\n", me);
-            memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
-            goto cleanup;
-        }
-        passwd_len = strlen(passwd);
+       if (!set_dir_pwd) {
+           printf("%s: Invalid option specified for \"setsrvpw\" command\n", me);
+           print_usage = TRUE;
+           goto cleanup;
+       } else {
+           /* Generate random password */
+
+           if ((errcode = generate_random_password(util_context, &passwd, &passwd_len))) {
+               printf("%s: Failed to set service object password\n", me);
+               goto cleanup;
+           }
+           passwd_len = strlen(passwd);
+       }
+    } else {
+       /* Get the service object password from the terminal */
+       passwd = (char *)malloc(MAX_SERVICE_PASSWD_LEN + 1);
+       if (passwd == NULL) {
+           com_err(me, ENOMEM, "while setting service object password");
+           goto cleanup;
+       }
+       memset(passwd, 0, MAX_SERVICE_PASSWD_LEN + 1);
+       passwd_len = MAX_SERVICE_PASSWD_LEN;
+
+       len = strlen(service_object);
+       /* size of allocation=strlen of servicedn + strlen("Password for \" \"")=20 */
+       prompt1 = (char *)malloc(len + 20);
+       if (prompt1 == NULL) {
+           com_err(me, ENOMEM, "while setting service object password");
+           goto cleanup;
+       }
+       sprintf(prompt1, "Password for \"%s\"", service_object);
+
+       /* size of allocation=strlen of servicedn + strlen("Re-enter Password for \" \"")=30 */
+       prompt2 = (char *)malloc(len + 30);
+       if (prompt2 == NULL) {
+           com_err(me, ENOMEM, "while setting service object password");
+           free(prompt1);
+           goto cleanup;
+       }
+       sprintf(prompt2, "Re-enter password for \"%s\"", service_object);
+
+       retval = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
+       free(prompt1);
+       free(prompt2);
+       if (retval) {
+           com_err(me, retval, "while setting service object password");
+           memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
+           goto cleanup;
+       }
+       if (passwd_len == 0) {
+           printf("%s: Invalid password\n", me);
+           memset(passwd, 0, MAX_SERVICE_PASSWD_LEN);
+           goto cleanup;
+       }
+       passwd_len = strlen(passwd);
     }
 
     /* Hex the password */
     {
-        krb5_data pwd, hex;
-        pwd.length = passwd_len;
-        pwd.data = passwd;
-
-        errcode = tohex(pwd, &hex);
-        if (errcode != 0) {
-            if(hex.length != 0) {
-                memset(hex.data, 0, hex.length);
-                free(hex.data);
-            }
-            com_err(me, errcode, "Failed to convert the password to hex");
-            memset(passwd, 0, passwd_len);
-            goto cleanup;
-        }
-        /* Password = {CRYPT}<encrypted password>:<encrypted key> */
-        encrypted_passwd.value = (unsigned char *)malloc(strlen(service_object) + 
+       krb5_data pwd, hex;
+       pwd.length = passwd_len;
+       pwd.data = passwd;
+
+       errcode = tohex(pwd, &hex);
+       if (errcode != 0) {
+           if (hex.length != 0) {
+               memset(hex.data, 0, hex.length);
+               free(hex.data);
+           }
+           com_err(me, errcode, "Failed to convert the password to hex");
+           memset(passwd, 0, passwd_len);
+           goto cleanup;
+       }
+       /* Password = {CRYPT}<encrypted password>:<encrypted key> */
+       encrypted_passwd.value = (unsigned char *)malloc(strlen(service_object) +
                                                         1 + 5 + hex.length + 2);
-        if (encrypted_passwd.value == NULL) {
-            com_err(me, ENOMEM, "while setting service object password");
-            memset(passwd, 0, passwd_len);
-            memset(hex.data, 0, hex.length);
-            free(hex.data);
-            goto cleanup;
-        }
-        encrypted_passwd.value[strlen(service_object) + 
+       if (encrypted_passwd.value == NULL) {
+           com_err(me, ENOMEM, "while setting service object password");
+           memset(passwd, 0, passwd_len);
+           memset(hex.data, 0, hex.length);
+           free(hex.data);
+           goto cleanup;
+       }
+       encrypted_passwd.value[strlen(service_object) +
                               1 + 5 + hex.length + 1] = '\0';
-        sprintf((char *)encrypted_passwd.value, "%s#{HEX}%s\n", service_object, hex.data);
-        encrypted_passwd.len = strlen((char *)encrypted_passwd.value);
-        memset(hex.data, 0, hex.length);
-        free(hex.data);
+       sprintf((char *)encrypted_passwd.value, "%s#{HEX}%s\n", service_object, hex.data);
+       encrypted_passwd.len = strlen((char *)encrypted_passwd.value);
+       memset(hex.data, 0, hex.length);
+       free(hex.data);
     }
 
     /* We should check if the file exists and we have permission to write into that file */
     if (access(file_name, W_OK) == -1) {
-        if (errno == ENOENT) {
-            mode_t omask;
-            int fd = -1;
-               
-            printf("File does not exist. Creating the file %s...\n", file_name );
-            omask = umask(077);
-            fd = creat(file_name, S_IRUSR|S_IWUSR);
-            umask(omask);
-            if (fd == -1) {
-                com_err(me, errno, "Error creating file %s", file_name);
-                memset(passwd, 0, passwd_len);
-                goto cleanup;
+       if (errno == ENOENT) {
+           mode_t omask;
+           int fd = -1;
+
+           printf("File does not exist. Creating the file %s...\n", file_name);
+           omask = umask(077);
+           fd = creat(file_name, S_IRUSR|S_IWUSR);
+           umask(omask);
+           if (fd == -1) {
+               com_err(me, errno, "Error creating file %s", file_name);
+               memset(passwd, 0, passwd_len);
+               goto cleanup;
            }
-            close(fd);
-        }
-        else {
-            com_err(me, errno, "Unable to access the file %s", file_name);
-            memset(passwd, 0, passwd_len);
-            goto cleanup;
-        }
+           close(fd);
+       } else {
+           com_err(me, errno, "Unable to access the file %s", file_name);
+           memset(passwd, 0, passwd_len);
+           goto cleanup;
+       }
     }
 
     if (set_dir_pwd) {
-        if ((errcode = krb5_ldap_set_service_passwd(util_context, service_object, passwd)) != 0) {
-            com_err(me, errcode, "Failed to set password for service object %s", service_object);
-            memset(passwd, 0, passwd_len);
-            goto cleanup;
-        }
+       if ((errcode = krb5_ldap_set_service_passwd(util_context, service_object, passwd)) != 0) {
+           com_err(me, errcode, "Failed to set password for service object %s", service_object);
+           memset(passwd, 0, passwd_len);
+           goto cleanup;
+       }
     }
 
     memset(passwd, 0, passwd_len);
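Review bot: The `access(file_name, W_OK)` probe followed by `creat()`, and later `fopen(file_name, "r+")`, is a check-then-use sequence on the service password file, so the path can change between the check and the open, and `creat()` follows a symlink already placed at that name. `access()` also evaluates permissions against the real rather than the effective IDs, which may differ from what the subsequent open is allowed to do. Consider dropping the probe and opening once, e.g. `fd = open(file_name, O_RDWR | O_CREAT | O_NOFOLLOW, S_IRUSR | S_IWUSR);`, then wrapping that descriptor with `fdopen()` instead of reopening by name. kdb5_ldap_set_service_password starts before this hunk and continues after it.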
@@ -1808,129 +1762,125 @@ kdb5_ldap_set_service_password(argc, argv)
     /* set password in the file */
     pfile = fopen(file_name, "r+");
     if (pfile == NULL) {
-        com_err(me, errno, "Failed to open file %s", file_name);
-        goto cleanup;
+       com_err(me, errno, "Failed to open file %s", file_name);
+       goto cleanup;
     }
 
-    while(fgets(line, MAX_LEN, pfile) != NULL) {
-        if ((str = strstr(line, service_object)) != NULL) {
-            if(line[strlen(service_object)] == '#') {
-                break;
-            }
-           str = NULL;
-        }
+    while (fgets(line, MAX_LEN, pfile) != NULL) {
+       if ((str = strstr(line, service_object)) != NULL) {
+           if (line[strlen(service_object)] == '#') {
+               break;
+           }
+           str = NULL;
+       }
     }
     if (str == NULL) {
-        if(feof(pfile)) {
-            /* If the service object dn is not present in the service password file */
-            if (fwrite(encrypted_passwd.value, (unsigned int)encrypted_passwd.len, 1, pfile) != 1) {
-                com_err(me, errno, "Failed to write service object password to file");
-                goto cleanup;
-            }
-        }
-        else {
-            com_err(me, errno, "Error reading service object password file");
-            goto cleanup;
-        }
-        fclose(pfile);
-        pfile = NULL;
-    }
-    else {
-        /* Password entry for the service object is already present in the file */
-        /* Delete the existing entry and add the new entry */
-        FILE *newfile = NULL;
-        mode_t omask;
-
-        /* Create a new file with the extension .tmp */
-        tmp_file = (char *) malloc(sizeof(char) * (strlen(file_name) + 4 + 1));
-        if (tmp_file == NULL) {
-            com_err(me, ENOMEM, "while setting service object password");
-            goto cleanup;
-        }
-        sprintf(tmp_file,"%s.%s",file_name,"tmp");
-               
-        omask = umask(077);
-        newfile = fopen(tmp_file, "w+");
-        umask(omask);
-        if (newfile == NULL) {
-            com_err(me, errno, "Error creating file %s", tmp_file);
-            goto cleanup;
-        }
-
-                       
-        fseek(pfile, 0, SEEK_SET);
-        while(fgets(line, MAX_LEN, pfile) != NULL) {
-            if (((str = strstr(line, service_object)) != NULL) && (line[strlen(service_object)] == '#')) {
-                if (fprintf(newfile, "%s", encrypted_passwd.value) < 0) {
-                    com_err(me, errno, "Failed to write service object password to file");
-                    fclose(newfile);
-                    unlink(tmp_file);
-                    goto cleanup;
-                }
-            }
-            else {
-                len = strlen(line);
-                if (fprintf(newfile, "%s", line) < 0) {
-                    com_err(me, errno, "Failed to write service object password to file");
-                    fclose(newfile);
-                    unlink(tmp_file);
-                    goto cleanup;
-                }
-            }          
-        }
-
-        if(!feof(pfile)) {
-            com_err(me, errno, "Error reading service object password file");
-            fclose(newfile);
-            unlink(tmp_file);
-            goto cleanup;
-        }
-
-        /* TODO: file lock for the service password file */
-        fclose(pfile);
-        pfile = NULL;
+       if (feof(pfile)) {
+           /* If the service object dn is not present in the service password file */
+           if (fwrite(encrypted_passwd.value, (unsigned int)encrypted_passwd.len, 1, pfile) != 1) {
+               com_err(me, errno, "Failed to write service object password to file");
+               goto cleanup;
+           }
+       } else {
+           com_err(me, errno, "Error reading service object password file");
+           goto cleanup;
+       }
+       fclose(pfile);
+       pfile = NULL;
+    } else {
+       /* Password entry for the service object is already present in the file */
+       /* Delete the existing entry and add the new entry */
+       FILE *newfile = NULL;
+       mode_t omask;
+
+       /* Create a new file with the extension .tmp */
+       tmp_file = (char *) malloc(sizeof(char) * (strlen(file_name) + 4 + 1));
+       if (tmp_file == NULL) {
+           com_err(me, ENOMEM, "while setting service object password");
+           goto cleanup;
+       }
+       sprintf(tmp_file,"%s.%s",file_name,"tmp");
+
+       omask = umask(077);
+       newfile = fopen(tmp_file, "w+");
+       umask(omask);
+       if (newfile == NULL) {
+           com_err(me, errno, "Error creating file %s", tmp_file);
+           goto cleanup;
+       }
+
+
+       fseek(pfile, 0, SEEK_SET);
+       while (fgets(line, MAX_LEN, pfile) != NULL) {
+           if (((str = strstr(line, service_object)) != NULL) && (line[strlen(service_object)] == '#')) {
+               if (fprintf(newfile, "%s", encrypted_passwd.value) < 0) {
+                   com_err(me, errno, "Failed to write service object password to file");
+                   fclose(newfile);
+                   unlink(tmp_file);
+                   goto cleanup;
+               }
+           } else {
+               len = strlen(line);
+               if (fprintf(newfile, "%s", line) < 0) {
+                   com_err(me, errno, "Failed to write service object password to file");
+                   fclose(newfile);
+                   unlink(tmp_file);
+                   goto cleanup;
+               }
+           }
+       }
+
+       if (!feof(pfile)) {
+           com_err(me, errno, "Error reading service object password file");
+           fclose(newfile);
+           unlink(tmp_file);
+           goto cleanup;
+       }
+
+       /* TODO: file lock for the service password file */
+       fclose(pfile);
+       pfile = NULL;
 
        fclose(newfile);
-        newfile = NULL;
-
-        if (unlink(file_name) == 0) {
-            link(tmp_file, file_name);
-        }
-        else {
-            com_err(me, errno, "Failed to write service object password to file");
-            unlink(tmp_file);
-            goto cleanup;
-        }
-        unlink(tmp_file);
+       newfile = NULL;
+
+       if (unlink(file_name) == 0) {
+           link(tmp_file, file_name);
+       } else {
+           com_err(me, errno, "Failed to write service object password to file");
+           unlink(tmp_file);
+           goto cleanup;
+       }
+       unlink(tmp_file);
     }
     errcode = 0;
-               
+
 cleanup:
     if (db_init_local)
-        krb5_ldap_close(util_context);
+       krb5_ldap_close(util_context);
 
     if (service_object)
-        free(service_object);
-               
+       free(service_object);
+
     if (file_name)
-        free(file_name);
+       free(file_name);
 
     if (passwd)
-        free(passwd);
+       free(passwd);
 
     if (encrypted_passwd.value) {
-        memset(encrypted_passwd.value, 0, encrypted_passwd.len);
-        free(encrypted_passwd.value);
+       memset(encrypted_passwd.value, 0, encrypted_passwd.len);
+       free(encrypted_passwd.value);
     }
 
     if (pfile)
-        fclose(pfile);
+       fclose(pfile);
 
     if (tmp_file)
-        free(tmp_file);
+       free(tmp_file);
 
     if (print_usage)
-        db_usage(SET_SRV_PW);
+       db_usage(SET_SRV_PW);
 
     return errcode;
 }
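Review bot: Replacing the password file with `unlink(file_name)` followed by an unchecked `link(tmp_file, file_name)` is not atomic. If `link()` fails, the following `unlink(tmp_file)` removes the only remaining copy and the function still reaches `errcode = 0`. Using `if (rename(tmp_file, file_name) != 0)` with the existing error path (com_err, `unlink(tmp_file)`, `goto cleanup`) swaps the file in one step and lets a failure be reported. The temporary file is also opened with `fopen(tmp_file, "w+")` at the predictable `<file_name>.tmp` path, which truncates or follows whatever already exists there; an exclusive create (`open` with `O_CREAT | O_EXCL` and mode 0600, then `fdopen`) would avoid that. The function begins before this hunk.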
@@ -1997,13 +1947,13 @@ kdb5_ldap_stash_service_password(argc, argv)
        }
 
        /* Pick up the stash-file name from krb5.conf */
-       profile_get_string( util_context->profile, KDB_REALM_SECTION,
-               util_context->default_realm, KDB_MODULE_POINTER, NULL, &section );
+       profile_get_string(util_context->profile, KDB_REALM_SECTION,
+                          util_context->default_realm, KDB_MODULE_POINTER, NULL, &section);
 
-       if(section == NULL) {
-           profile_get_string( util_context->profile, KDB_MODULE_DEF_SECTION,
-                   KDB_MODULE_POINTER, NULL, NULL, &section);
-           if(section == NULL) {
+       if (section == NULL) {
+           profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
+                              KDB_MODULE_POINTER, NULL, NULL, &section);
+           if (section == NULL) {
                /* Stash file path neither in krb5.conf nor on command line */
                file_name = strdup(DEF_SERVICE_PASSWD_FILE);
                goto done;
@@ -2011,7 +1961,7 @@ kdb5_ldap_stash_service_password(argc, argv)
        }
 
        profile_get_string (util_context->profile, KDB_MODULE_SECTION, section,
-               "ldap_service_password_file", NULL, &file_name);
+                           "ldap_service_password_file", NULL, &file_name);
     }
 done:
 
@@ -2025,12 +1975,12 @@ done:
 
        /* size of prompt = strlen of servicedn + strlen("Password for \" \"") */
        assert (sizeof (prompt1) > (strlen (service_object)
-                   + sizeof ("Password for \" \"")));
+                                   + sizeof ("Password for \" \"")));
        sprintf(prompt1, "Password for \"%s\"", service_object);
 
        /* size of prompt = strlen of servicedn + strlen("Re-enter Password for \" \"") */
        assert (sizeof (prompt2) > (strlen (service_object)
-                   + sizeof ("Re-enter Password for \" \"")));
+                                   + sizeof ("Re-enter Password for \" \"")));
        sprintf(prompt2, "Re-enter password for \"%s\"", service_object);
 
        ret = krb5_read_password(util_context, prompt1, prompt2, passwd, &passwd_len);
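Review bot: The two `sprintf` calls into `prompt1` and `prompt2` are guarded only by `assert`, which is compiled out when NDEBUG is defined, so a long service DN would then overflow the buffers. With asserts enabled, the same input aborts the tool instead of producing a usage error. The `sizeof (prompt1)` in the assert suggests these are fixed-size arrays declared outside this hunk. Bounded formatting with a checked result, e.g. `n = snprintf(prompt1, sizeof (prompt1), "Password for \"%s\"", service_object);` followed by an error path when `n < 0 || (size_t)n >= sizeof (prompt1)`, keeps the limit in force in every build; the same applies to `prompt2`.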
@@ -2055,9 +2005,9 @@ done:
        pwd.data = passwd;
 
        ret = tohex(pwd, &hexpasswd);
-       if(ret != 0){
+       if (ret != 0) {
            com_err(me, ret, "Failed to convert the password to hexadecimal");
-            memset(passwd, 0, passwd_len);
+           memset(passwd, 0, passwd_len);
            goto cleanup;
        }
     }
@@ -2086,15 +2036,14 @@ done:
     }
 
     if (str == NULL) {
-       if(feof(pfile)) {
+       if (feof(pfile)) {
            /* If the service object dn is not present in the service password file */
            if (fprintf(pfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) {
                com_err(me, errno, "Failed to write service object password to file");
                fclose(pfile);
                goto cleanup;
            }
-       }
-       else {
+       } else {
            com_err(me, errno, "Error reading service object password file");
            fclose(pfile);
            goto cleanup;
@@ -2128,9 +2077,9 @@ done:
        }
 
        fseek(pfile, 0, SEEK_SET);
-       while(fgets(line, MAX_LEN, pfile) != NULL) {
+       while (fgets(line, MAX_LEN, pfile) != NULL) {
            if (((str = strstr(line, service_object)) != NULL) &&
-                   (line[strlen(service_object)] == '#')) {
+               (line[strlen(service_object)] == '#')) {
                if (fprintf(newfile, "%s#{HEX}%s\n", service_object, hexpasswd.data) < 0) {
                    com_err(me, errno, "Failed to write service object password to file");
                    fclose(newfile);
@@ -2146,10 +2095,10 @@ done:
                    fclose(pfile);
                    goto cleanup;
                }
-           }           
+           }
        }
 
-       if(!feof(pfile)) {
+       if (!feof(pfile)) {
            com_err(me, errno, "Error reading service object password file");
            fclose(newfile);
            unlink(tmp_file);
@@ -2173,8 +2122,8 @@ done:
 
 cleanup:
 
-    if(hexpasswd.length != 0) {
-        memset(hexpasswd.data, 0, hexpasswd.length);
+    if (hexpasswd.length != 0) {
+       memset(hexpasswd.data, 0, hexpasswd.length);
        free(hexpasswd.data);
     }
 
@@ -2188,7 +2137,7 @@ cleanup:
        free(tmp_file);
 
     if (print_usage)
-        usage();
+       usage();
 /*     db_usage(STASH_SRV_PW); */
 
     return ret;
index e10a055bcd22d597902c38aac814f6be76d94a6e..86f7457b621aabb64525ca423637e7d319110c7f 100644 (file)
@@ -5,28 +5,28 @@
 /* Copyright (c) 2004-2005, Novell, Inc.
  * All rights reserved.
  *
- * Redistribution and use in source and binary forms, with or without 
+ * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  *   * Redistributions of source code must retain the above copyright notice,
  *       this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright 
- *       notice, this list of conditions and the following disclaimer in the 
+ *   * Redistributions in binary form must reproduce the above copyright
+ *       notice, this list of conditions and the following disclaimer in the
  *       documentation and/or other materials provided with the distribution.
  *   * The copyright holder's name is not used to endorse or promote products
  *       derived from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
- * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
- * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
- * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
- * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE. 
+ * POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "ldap_misc.h"
@@ -51,8 +51,8 @@
 #define DEF_SERVICE_PASSWD_FILE "/usr/local/var/service_passwd"
 
 struct data{
-       int len;
-       unsigned char *value;
+    int len;
+    unsigned char *value;
 };
 
 extern int enc_password(struct data pwd, struct data *enc_key, struct data *enc_pass);
index 4b07b27546a1b741a9e7069706aef51d5dedccf6..be9ae0c6fb7f22409f7f6c3850aea3a9cf295c74 100644 (file)
@@ -8,7 +8,7 @@
  *   require a specific license from the United States Government.
  *   It is the responsibility of any person or organization contemplating
  *   export to obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
  * M.I.T. makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  *
  * Edit a KDC database.
  */
 
 /*
  * Copyright (C) 1998 by the FundsXpress, INC.
- * 
+ *
  * All rights reserved.
- * 
+ *
  * Export of this software from the United States of America may require
  * a specific license from the United States Government.  It is the
  * responsibility of any person or organization contemplating export to
  * obtain such a license before exporting.
- * 
+ *
  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
  * distribute this software and its documentation for any purpose and
  * without fee is hereby granted, provided that the above copyright
@@ -47,7 +47,7 @@
  * permission.  FundsXpress makes no representations about the suitability of
  * this software for any purpose.  It is provided "as is" without express
  * or implied warranty.
- * 
+ *
  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
@@ -100,13 +100,13 @@ krb5_boolean db_inited = FALSE;
 char *progname;
 krb5_boolean manual_mkey = FALSE;
 
-/* 
- * This function prints the usage of kdb5_ldap_util, which is 
+/*
+ * This function prints the usage of kdb5_ldap_util, which is
  * the LDAP configuration utility.
  */
 void usage()
 {
-     fprintf(stderr, "Usage: "
+    fprintf(stderr, "Usage: "
 "kdb5_ldap_util [-D user_dn [-w passwd]] [-h ldap_server] [-p ldap_port]\n"
 "\tcmd [cmd_options]\n"
 
@@ -189,7 +189,7 @@ void usage()
 /* List policies */
 "list_policy     [-basedn base_dn]\n"
 
-);
+       );
 }
 
 void db_usage (int type) {
@@ -204,31 +204,30 @@ void db_usage (int type) {
  * same order as listed in this table.
  */
 static struct _cmd_table {
-     char *name;
-     cmd_func func;
-     int opendb;
+    char *name;
+    cmd_func func;
+    int opendb;
 } cmd_table[] = {
-     {"create", kdb5_ldap_create, 1},
-     {"modify", kdb5_ldap_modify, 1},
-     {"view", kdb5_ldap_view, 1},
-     {"destroy", kdb5_ldap_destroy, 1},
-     {"list", kdb5_ldap_list, 1},
+    {"create", kdb5_ldap_create, 1},
+    {"modify", kdb5_ldap_modify, 1},
+    {"view", kdb5_ldap_view, 1},
+    {"destroy", kdb5_ldap_destroy, 1},
+    {"list", kdb5_ldap_list, 1},
 #ifdef HAVE_EDIRECTORY
-     {"create_service", kdb5_ldap_create_service, 1},
-     {"modify_service", kdb5_ldap_modify_service, 1},
-     {"view_service", kdb5_ldap_view_service, 1},
-     {"destroy_service", kdb5_ldap_destroy_service, 1},
-     {"list_service",kdb5_ldap_list_services,1},
-     {"setsrvpw", kdb5_ldap_set_service_password, 0},
-#else
-     {"stashsrvpw", kdb5_ldap_stash_service_password, 0},
+    {"create_service", kdb5_ldap_create_service, 1},
+    {"modify_service", kdb5_ldap_modify_service, 1},
+    {"view_service", kdb5_ldap_view_service, 1},
+    {"destroy_service", kdb5_ldap_destroy_service, 1},
+    {"list_service",kdb5_ldap_list_services,1},
+    {"setsrvpw", kdb5_ldap_set_service_password, 0},
+#else {"stashsrvpw", kdb5_ldap_stash_service_password, 0},
 #endif
-     {"create_policy", kdb5_ldap_create_policy, 1},
-     {"modify_policy", kdb5_ldap_modify_policy, 1},
-     {"view_policy", kdb5_ldap_view_policy, 1},
-     {"destroy_policy", kdb5_ldap_destroy_policy, 1},
-     {"list_policy", kdb5_ldap_list_policies, 1},
-     {NULL, NULL, 0},
+    {"create_policy", kdb5_ldap_create_policy, 1},
+    {"modify_policy", kdb5_ldap_modify_policy, 1},
+    {"view_policy", kdb5_ldap_view_policy, 1},
+    {"destroy_policy", kdb5_ldap_destroy_policy, 1},
+    {"list_policy", kdb5_ldap_list_policies, 1},
+    {NULL, NULL, 0},
 };
 
 
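Review bot: The re-indentation of `cmd_table` joined the `#else` directive and the following table entry into one line, `#else {"stashsrvpw", kdb5_ldap_stash_service_password, 0},`, so the entry is now trailing text on a preprocessor directive rather than an initializer. Compilers typically warn about extra tokens after `#else` and discard them, which would leave builds without HAVE_EDIRECTORY with no `stashsrvpw` command in the table, and `cmd_lookup` would then reject it. The hunk header (31 old lines, 30 new) is consistent with an accidental join. Restore the two lines as `#else` followed by `    {"stashsrvpw", kdb5_ldap_stash_service_password, 0},`.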
@@ -237,7 +236,7 @@ static struct _cmd_table {
  * command name and returns NULL if nothing matches.
  */
 static struct _cmd_table *cmd_lookup(name)
-   char *name;
+    char *name;
 {
     int i;
 
@@ -285,7 +284,7 @@ int main(argc, argv)
     char *argv[];
 {
     struct _cmd_table *cmd = NULL;
-    char *koptarg = NULL, **cmd_argv = NULL;   
+    char *koptarg = NULL, **cmd_argv = NULL;
     int cmd_argc = 0;
     krb5_error_code retval;
     int usage_print = 0;
@@ -307,7 +306,7 @@ int main(argc, argv)
     retval = krb5_init_context(&util_context);
     set_com_err_hook(extended_com_err_fn);
     if (retval) {
-        com_err (progname, retval, "while initializing Kerberos code");
+       com_err (progname, retval, "while initializing Kerberos code");
        exit_status++;
        goto cleanup;
     }
@@ -316,24 +315,24 @@ int main(argc, argv)
 
     cmd_argv = (char **) malloc(sizeof(char *)*argc);
     if (cmd_argv == NULL) {
-        com_err(progname, ENOMEM, "while creating sub-command arguments");
-        exit_status++;
+       com_err(progname, ENOMEM, "while creating sub-command arguments");
+       exit_status++;
        goto cleanup;
     }
     memset(cmd_argv, 0, sizeof(char *)*argc);
     cmd_argc = 1;
 
     memset(&global_params, 0, sizeof(kadm5_config_params));
-        
+
     argv++; argc--;
     while (*argv) {
-        if (strcmp(*argv, "--help") == 0) {
-            print_help_message = TRUE;
-        }
-        if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
+       if (strcmp(*argv, "--help") == 0) {
+           print_help_message = TRUE;
+       }
+       if (strcmp(*argv, "-P") == 0 && ARG_VAL) {
            mkey_password = koptarg;
            manual_mkey = TRUE;
-        } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
+       } else if (strcmp(*argv, "-r") == 0 && ARG_VAL) {
            global_params.realm = koptarg;
            global_params.mask |= KADM5_CONFIG_REALM;
            /* not sure this is really necessary */
@@ -343,54 +342,54 @@ int main(argc, argv)
                exit_status++;
                goto cleanup;
            }
-        } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
+       } else if (strcmp(*argv, "-k") == 0 && ARG_VAL) {
            if (krb5_string_to_enctype(koptarg, &global_params.enctype))
                com_err(argv[0], 0, "%s is an invalid enctype", koptarg);
            else
                global_params.mask |= KADM5_CONFIG_ENCTYPE;
-        } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
+       } else if (strcmp(*argv, "-M") == 0 && ARG_VAL) {
            global_params.mkey_name = koptarg;
            global_params.mask |= KADM5_CONFIG_MKEY_NAME;
-        } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
+       } else if (strcmp(*argv, "-sf") == 0 && ARG_VAL) {
            global_params.stash_file = koptarg;
            global_params.mask |= KADM5_CONFIG_STASH_FILE;
-        } else if (strcmp(*argv, "-m") == 0) {
+       } else if (strcmp(*argv, "-m") == 0) {
            manual_mkey = TRUE;
            global_params.mkey_from_kbd = 1;
            global_params.mask |= KADM5_CONFIG_MKEY_FROM_KBD;
-        } else if (strcmp(*argv, "-D") == 0 && ARG_VAL) {
-            bind_dn = koptarg;
-            if (bind_dn == NULL) {
-                com_err(progname, ENOMEM, "while reading ldap parameters");
-                exit_status++;
-                goto cleanup;
-            }
-            ldapmask |= CMD_LDAP_D;
-        } else if (strcmp(*argv, "-w") == 0 && ARG_VAL) {
-            passwd = strdup(koptarg);
-            if (passwd == NULL) {
-                com_err(progname, ENOMEM, "while reading ldap parameters");
-                exit_status++;
-                goto cleanup;
-            }
-            ldapmask |= CMD_LDAP_W;
-        } else if (strcmp(*argv, "-h") == 0 && ARG_VAL) {
-            ldap_server = koptarg;
-            if (ldap_server == NULL) {
-                com_err(progname, ENOMEM, "while reading ldap parameters");
-                exit_status++;
-                goto cleanup;
-            }
-            ldapmask |= CMD_LDAP_H;
-        } else if (strcmp(*argv, "-p") == 0 && ARG_VAL) {
-            ldap_port = koptarg;
-            if (ldap_port == NULL) {
-                com_err(progname, ENOMEM, "while reading ldap parameters");
-                exit_status++;
-                goto cleanup;
-            }
-            ldapmask |= CMD_LDAP_P;
-        } else if (cmd_lookup(*argv) != NULL) {
+       } else if (strcmp(*argv, "-D") == 0 && ARG_VAL) {
+           bind_dn = koptarg;
+           if (bind_dn == NULL) {
+               com_err(progname, ENOMEM, "while reading ldap parameters");
+               exit_status++;
+               goto cleanup;
+           }
+           ldapmask |= CMD_LDAP_D;
+       } else if (strcmp(*argv, "-w") == 0 && ARG_VAL) {
+           passwd = strdup(koptarg);
+           if (passwd == NULL) {
+               com_err(progname, ENOMEM, "while reading ldap parameters");
+               exit_status++;
+               goto cleanup;
+           }
+           ldapmask |= CMD_LDAP_W;
+       } else if (strcmp(*argv, "-h") == 0 && ARG_VAL) {
+           ldap_server = koptarg;
+           if (ldap_server == NULL) {
+               com_err(progname, ENOMEM, "while reading ldap parameters");
+               exit_status++;
+               goto cleanup;
+           }
+           ldapmask |= CMD_LDAP_H;
+       } else if (strcmp(*argv, "-p") == 0 && ARG_VAL) {
+           ldap_port = koptarg;
+           if (ldap_port == NULL) {
+               com_err(progname, ENOMEM, "while reading ldap parameters");
+               exit_status++;
+               goto cleanup;
+           }
+           ldapmask |= CMD_LDAP_P;
+       } else if (cmd_lookup(*argv) != NULL) {
            if (cmd_argv[0] == NULL)
                cmd_argv[0] = *argv;
            else {
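Review bot: The `-w` branch copies the bind password with `passwd = strdup(koptarg);` but leaves the original string in place, and if `koptarg` points into `argv` (the `ARG_VAL` macro is not visible in this hunk) the password stays readable through the process's argument list for the life of the command. Overwriting the source after the copy narrows that window, e.g. `memset(koptarg, 0, strlen(koptarg));` right after the NULL check. The same applies to the `-P` master-key password a few lines up, which is kept as a bare pointer to `koptarg`. The usage text would also benefit from a sentence recommending the interactive prompt over `-w`. `main` begins and ends outside this hunk.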
@@ -399,10 +398,10 @@ int main(argc, argv)
                usage();
                goto cleanup;
            }
-        } else {
+       } else {
            cmd_argv[cmd_argc++] = *argv;
-        }
-        argv++; argc--;
+       }
+       argv++; argc--;
     }
 
     if (cmd_argv[0] == NULL) {
@@ -419,72 +418,69 @@ int main(argc, argv)
        char *cmd_name = cmd_argv[0];
        free(cmd_argv);
        cmd_argv = NULL;
-        usage();
+       usage();
        goto cleanup;
     }
-    
+
     /* We need to check for the presence of default realm name only in
      * the case of realm related operations like create, destroy etc.
      */
     if ((strcmp(cmd_argv[0], "create") == 0) ||
-        (strcmp(cmd_argv[0], "destroy") == 0) ||
-        (strcmp(cmd_argv[0], "modify") == 0) ||
-        (strcmp(cmd_argv[0], "view") == 0)
-       ) {
-        realm_name_required = TRUE;
+       (strcmp(cmd_argv[0], "destroy") == 0) ||
+       (strcmp(cmd_argv[0], "modify") == 0) ||
+       (strcmp(cmd_argv[0], "view") == 0)
+       ) {
+       realm_name_required = TRUE;
     }
 
-    if( !util_context->default_realm ) {
+    if (!util_context->default_realm) {
        char *temp = NULL;
        retval = krb5_get_default_realm(util_context, &temp);
-       if( retval ) {
+       if (retval) {
            if (realm_name_required) {
                com_err (progname, retval, "while getting default realm");
                exit_status++;
                goto cleanup;
            }
-       }
-       else
+       } else
            util_context->default_realm = temp;
     }
     /* If we have the realm name, we can safely say that
      * realm_name is required so that we don't neglect any information.
      */
     else
-        realm_name_required = TRUE;
-
-    retval = profile_get_string( util_context->profile, KDB_REALM_SECTION,
-                                util_context->default_realm, KDB_MODULE_POINTER,
-                                NULL,
-                                &value );
-    
-    if(!(value)) {
-       retval = profile_get_string( util_context->profile, KDB_MODULE_DEF_SECTION,
-                                    KDB_MODULE_POINTER, NULL,
-                                    NULL,
-                                    &value );
-       if(!(value)) {
-            if (util_context->default_realm)
-                conf_section = strdup( util_context->default_realm );
-       }
-       else {
+       realm_name_required = TRUE;
+
+    retval = profile_get_string(util_context->profile, KDB_REALM_SECTION,
+                               util_context->default_realm, KDB_MODULE_POINTER,
+                               NULL,
+                               &value);
+
+    if (!(value)) {
+       retval = profile_get_string(util_context->profile, KDB_MODULE_DEF_SECTION,
+                                   KDB_MODULE_POINTER, NULL,
+                                   NULL,
+                                   &value);
+       if (!(value)) {
+           if (util_context->default_realm)
+               conf_section = strdup(util_context->default_realm);
+       } else {
            conf_section = strdup(value);
            free(value);
-       }       
-    }
-    else {
+       }
+    } else {
        conf_section = strdup(value);
        free(value);
     }
 
     if (realm_name_required) {
-        retval = kadm5_get_config_params(util_context, 1,
+       retval = kadm5_get_config_params(util_context, 1,
                                         &global_params, &global_params);
-        if (retval) {
-            com_err(argv[0], retval, "while retreiving configuration parameters");
-            exit_status++;
-            goto cleanup;
-        }
+       if (retval) {
+           com_err(argv[0], retval, "while retreiving configuration parameters");
+           exit_status++;
+           goto cleanup;
+       }
        gp_is_static = 0;
     }
 
@@ -506,109 +502,109 @@ int main(argc, argv)
 
     /* If LDAP parameters are specified, replace them with the values from config */
     if (ldapmask & CMD_LDAP_D) {
-        /* If password is not specified, prompt for it */
-        if (passwd == NULL) {
-            passwd = (char *)malloc(MAX_PASSWD_LEN);
-            if (passwd == NULL) {
-                com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
-                exit_status++;
-                goto cleanup;
-            }
-            prompt = (char *)malloc(MAX_PASSWD_PROMPT_LEN);
-            if (prompt == NULL) {
-                free(passwd);
+       /* If password is not specified, prompt for it */
+       if (passwd == NULL) {
+           passwd = (char *)malloc(MAX_PASSWD_LEN);
+           if (passwd == NULL) {
+               com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
+               exit_status++;
+               goto cleanup;
+           }
+           prompt = (char *)malloc(MAX_PASSWD_PROMPT_LEN);
+           if (prompt == NULL) {
+               free(passwd);
                passwd = NULL;
-                com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
-                exit_status++;
-                goto cleanup;
-            }
-            memset(passwd, 0, sizeof(passwd));
-            passwd_len = MAX_PASSWD_LEN - 1;
-            snprintf(prompt, MAX_PASSWD_PROMPT_LEN, "Password for \"%s\"", bind_dn);
-
-            db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len);
-
-            if ((db_retval) || (passwd_len == 0)) {
-                com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
-                free(passwd);
+               com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
+               exit_status++;
+               goto cleanup;
+           }
+           memset(passwd, 0, sizeof(passwd));
+           passwd_len = MAX_PASSWD_LEN - 1;
+           snprintf(prompt, MAX_PASSWD_PROMPT_LEN, "Password for \"%s\"", bind_dn);
+
+           db_retval = krb5_read_password(util_context, prompt, NULL, passwd, &passwd_len);
+
+           if ((db_retval) || (passwd_len == 0)) {
+               com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
+               free(passwd);
                passwd = NULL;
-                exit_status++;
-                goto cleanup;
-            }
-        }
+               exit_status++;
+               goto cleanup;
+           }
+       }
 
-        ldap_context->bind_pwd = passwd;
+       ldap_context->bind_pwd = passwd;
     }
 
     /* If ldaphost is specified, release entry filled by configuration & use this */
     if (ldapmask & CMD_LDAP_H) {
 
-      ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ;       
-      if (ldap_context->server_info_list == NULL) {
-       com_err(argv[0], ENOMEM, "while initializing server list");
-       exit_status++;
-       goto cleanup;
-      }
-      
-      ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
-      if (ldap_context->server_info_list[0] == NULL) {
-       com_err(argv[0], ENOMEM, "while initializing server list");
-       exit_status++;
-       goto cleanup;
-      }
-      
-      ldap_context->server_info_list[0]->server_status = NOTSET;
-      
-      ldap_context->server_info_list[0]->server_name = strdup(ldap_server);        
-      if (ldap_context->server_info_list[0]->server_name == NULL) {
-       com_err(argv[0], ENOMEM, "while initializing server list");
-       exit_status++;
-       goto cleanup;
-      }
+       ldap_context->server_info_list = (krb5_ldap_server_info **) calloc (2, sizeof (krb5_ldap_server_info *)) ;
+       if (ldap_context->server_info_list == NULL) {
+           com_err(argv[0], ENOMEM, "while initializing server list");
+           exit_status++;
+           goto cleanup;
+       }
+
+       ldap_context->server_info_list[0] = (krb5_ldap_server_info *) calloc (1, sizeof (krb5_ldap_server_info));
+       if (ldap_context->server_info_list[0] == NULL) {
+           com_err(argv[0], ENOMEM, "while initializing server list");
+           exit_status++;
+           goto cleanup;
+       }
+
+       ldap_context->server_info_list[0]->server_status = NOTSET;
+
+       ldap_context->server_info_list[0]->server_name = strdup(ldap_server);
+       if (ldap_context->server_info_list[0]->server_name == NULL) {
+           com_err(argv[0], ENOMEM, "while initializing server list");
+           exit_status++;
+           goto cleanup;
+       }
     }
     /* If ldapport is specified, release entry filled by configuration & use this*/
     if (ldapmask & CMD_LDAP_P) {
        ldap_context->port = atoi(ldap_port);
     }
     if (bind_dn) {
-        ldap_context->bind_dn = strdup(bind_dn);
+       ldap_context->bind_dn = strdup(bind_dn);
        if (ldap_context->bind_dn == NULL) {
-            com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
-            exit_status++;
-            goto cleanup;
+           com_err(argv[0], ENOMEM, "while retrieving ldap configuration");
+           exit_status++;
+           goto cleanup;
        }
     } else
-        ldap_context->bind_dn = NULL;
+       ldap_context->bind_dn = NULL;
 
     ldap_context->service_type = SERVICE_DN_TYPE_CLIENT;
 
-    if(realm_name_required) {
-        if ((global_params.enctype != ENCTYPE_UNKNOWN) &&
+    if (realm_name_required) {
+       if ((global_params.enctype != ENCTYPE_UNKNOWN) &&
            (!krb5_c_valid_enctype(global_params.enctype))) {
-                com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
-                    "while setting up enctype %d", global_params.enctype);
-        }
+           com_err(argv[0], KRB5_PROG_KEYTYPE_NOSUPP,
+                   "while setting up enctype %d", global_params.enctype);
+       }
     }
 
     cmd = cmd_lookup(cmd_argv[0]);
 
     /* Setup DAL handle to access the database */
-    dal_handle = calloc( (size_t)1, sizeof(kdb5_dal_handle) );
-    if( dal_handle == NULL ) {
+    dal_handle = calloc((size_t)1, sizeof(kdb5_dal_handle));
+    if (dal_handle == NULL) {
        goto cleanup;
     }
     dal_handle->db_context = ldap_context;
     util_context->db_context = (void *) dal_handle;
-    
+
     db_retval = krb5_ldap_read_server_params(util_context, conf_section, KRB5_KDB_SRV_TYPE_OTHER);
     if (db_retval) {
-        com_err(argv[0], db_retval, "while reading ldap configuration");
-        exit_status++;
-        goto cleanup;
+       com_err(argv[0], db_retval, "while reading ldap configuration");
+       exit_status++;
+       goto cleanup;
     }
-    
+
     if (cmd->opendb) {
-       db_retval = krb5_ldap_db_init( util_context, ldap_context);
+       db_retval = krb5_ldap_db_init(util_context, ldap_context);
        if (db_retval) {
            com_err(progname, db_retval, "while initializing database");
            exit_status++;
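Review bot: `memset(passwd, 0, sizeof(passwd));` after the two `malloc` calls clears only as many bytes as a pointer occupies, because `passwd` is assigned from `(char *)malloc(MAX_PASSWD_LEN)` and `sizeof` then yields the pointer size rather than the buffer size; it should read `memset(passwd, 0, MAX_PASSWD_LEN);`. The same pattern appears in the `cleanup:` hunk that follows, in `memset(passwd, 0, sizeof(passwd));` and `memset(ldap_context->bind_pwd, 0, sizeof(ldap_context->bind_pwd));`, so most of the LDAP bind password is left in memory at exit. In cleanup the length has to be tracked or taken with `strlen`, since `passwd` may also come from `strdup(koptarg)`. The declarations of `passwd` and `bind_pwd` are outside the visible hunks, so confirm they are pointers and not arrays before changing the calls.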
@@ -622,30 +618,29 @@ int main(argc, argv)
 
 cleanup:
     if (passwd)
-        memset(passwd, 0, sizeof(passwd));
+       memset(passwd, 0, sizeof(passwd));
     if (ldap_context && ldap_context->bind_pwd)
-        memset(ldap_context->bind_pwd, 0, sizeof(ldap_context->bind_pwd));
+       memset(ldap_context->bind_pwd, 0, sizeof(ldap_context->bind_pwd));
 
     if (util_context) {
        if (gp_is_static == 0)
            kadm5_free_config_params(util_context, &global_params);
-        krb5_ldap_close(util_context);
-        krb5_free_context(util_context);
+       krb5_ldap_close(util_context);
+       krb5_free_context(util_context);
     }
 
     if (cmd_argv)
-        free(cmd_argv);
+       free(cmd_argv);
     if (prompt)
-        free(prompt);
+       free(prompt);
     if (conf_section)
-        free(conf_section);
+       free(conf_section);
     if (dal_handle)
        free(dal_handle);
 
     if (usage_print) {
-        usage();
+       usage();
     }
 
     return exit_status;
 }
-